diff options
| author | Tom Lane | 2016-12-26 19:58:02 +0000 |
|---|---|---|
| committer | Tom Lane | 2016-12-26 19:58:33 +0000 |
| commit | 607d0cd14872aeabcd98bd168a50efa595ea7844 (patch) | |
| tree | 10d1f1659db7ce02a31aae2a9ed04a28ebf7c67a | |
| parent | 071538f3491d3d055a7574b8cd38a40b084a01e4 (diff) | |
Remove triggerable Assert in hashname().
hashname() asserted that the key string it is given is shorter than
NAMEDATALEN. That should surely always be true if the input is in fact a
regular value of type "name". However, for reasons of coding convenience,
we allow plain old C strings to be treated as "name" values in many places.
Some SQL functions accept arbitrary "text" inputs, convert them to C
strings, and pass them otherwise-untransformed to syscache lookups for name
columns, allowing an overlength input value to trigger hashname's Assert.
This would be a DOS problem, except that it only happens in assert-enabled
builds which aren't recommended for production. In a production build,
you'll just get a name lookup error, since regardless of the hash value
computed by hashname, the later equality comparison checks can't match.
Likewise, if the catalog lookup is done by seqscan or indexscan searches,
there will just be a lookup error, since the name comparison functions
don't contain any similar length checks, and will see an overlength input
as unequal to any stored entry.
After discussion we concluded that we should simply remove this Assert.
It's inessential to hashname's own functionality, and having such an
assertion in only some paths for name lookup is more of a foot-gun than
a useful check. There may or may not be a case for the affected callers
to do something other than let the name lookup fail, but we'll consider
that separately; in any case we probably don't want to change such
behavior in the back branches.
Per report from Tushar Ahuja. Back-patch to all supported branches.
Report: https://postgr.es/m/7d0809ee-6f25-c9d6-8e74-5b2967830d49@enterprisedb.com
Discussion: https://postgr.es/m/17691.1482523168@sss.pgh.pa.us
| -rw-r--r-- | src/backend/access/hash/hashfunc.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/backend/access/hash/hashfunc.c b/src/backend/access/hash/hashfunc.c index e5dd1e04761..fb6c00912fc 100644 --- a/src/backend/access/hash/hashfunc.c +++ b/src/backend/access/hash/hashfunc.c @@ -142,11 +142,8 @@ Datum hashname(PG_FUNCTION_ARGS) { char *key = NameStr(*PG_GETARG_NAME(0)); - int keylen = strlen(key); - Assert(keylen < NAMEDATALEN); /* else it's not truncated correctly */ - - return hash_any((unsigned char *) key, keylen); + return hash_any((unsigned char *) key, strlen(key)); } Datum |