authorNoah Misch2015-02-02 15:00:45 +0000
committerNoah Misch2015-02-02 15:00:45 +0000
commit1dc75515868454c645ded22d38054ec693e23ec6 (patch)
treeee75251b5d50e9caa19c80316dc2907f6ea8e205 /contrib/pgcrypto/mbuf.c
parent29725b3db67ad3f09da1a7fb6690737d2f8d6c0a (diff)
Fix buffer overrun after incomplete read in pullf_read_max().
Most callers pass a stack buffer. The ensuing stack smash can crash the server, and we have not ruled out the viability of attacks that lead to privilege escalation. Back-patch to 9.0 (all supported versions).

Marko Tiikkaja

Security: CVE-2015-0243
Diffstat (limited to 'contrib/pgcrypto/mbuf.c')
-rw-r--r--contrib/pgcrypto/mbuf.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c
index 6124e4513c7..c59691ed2cc 100644
--- a/contrib/pgcrypto/mbuf.c
+++ b/contrib/pgcrypto/mbuf.c
@@ -305,6 +305,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
break;
memcpy(tmpbuf + total, tmp, res);
total += res;
+ len -= res;
}
return total;
}
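Review bot: The added `len -= res;` is what keeps `tmpbuf + total` inside the caller's buffer, yet nothing in the loop body records that invariant, so a later refactor could drop the line again without noticing. I would put a comment directly above it, such as `/* len is the space still left in tmpbuf; a short read must shrink it or the next memcpy overruns */`. The copy is also only safe if the read that produced `res` never returns more than the requested `len`; that call sits outside this hunk, so I cannot confirm it, and an `Assert(res <= len);` before the `memcpy` would make the assumption explicit. The body of pullf_read_max begins above the hunk, so the loop condition and the initial read are not visible here.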