Prevent a double free by not reentering be_tls_close(). - user/sven/postgresql.git

diff options

author	Noah Misch <noah@leadboat.com>	2015-05-18 10:02:31 -0400
committer	Noah Misch <noah@leadboat.com>	2015-05-18 10:02:36 -0400
commit	f4c12b415f1ed07e681bab58f7d6520025edfe83 (patch)
tree	5116ddb291c10c9691caf4bb4d754bfdb213c967 /src/backend/utils/adt/pg_locale.c
parent	b9403dedc5b157801c19bcba1a135aac7cef2d4a (diff)

Prevent a double free by not reentering be_tls_close().

Reentering this function with the right timing caused a double free, typically crashing the backend. By synchronizing a disconnection with the authentication timeout, an unauthenticated attacker could achieve this somewhat consistently. Call be_tls_close() solely from within proc_exit_prepare(). Back-patch to 9.0 (all supported versions). Benkocs Norbert Attila Security: CVE-2015-3165

Diffstat (limited to 'src/backend/utils/adt/pg_locale.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: