projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b9403de) | patch
Prevent a double free by not reentering be_tls_close().
authorNoah Misch <noah@leadboat.com>
Mon, 18 May 2015 14:02:31 +0000 (10:02 -0400)
committerNoah Misch <noah@leadboat.com>
Mon, 18 May 2015 14:02:36 +0000 (10:02 -0400)
commitf4c12b415f1ed07e681bab58f7d6520025edfe83
tree5116ddb291c10c9691caf4bb4d754bfdb213c967tree
parentb9403dedc5b157801c19bcba1a135aac7cef2d4acommit | diff
Prevent a double free by not reentering be_tls_close().

Reentering this function with the right timing caused a double free,
typically crashing the backend.  By synchronizing a disconnection with
the authentication timeout, an unauthenticated attacker could achieve
this somewhat consistently.  Call be_tls_close() solely from within
proc_exit_prepare().  Back-patch to 9.0 (all supported versions).

Benkocs Norbert Attila

Security: CVE-2015-3165
src/backend/libpq/be-secure.c diff | blob | blame | history
src/backend/libpq/pqcomm.c diff | blob | blame | history
src/backend/postmaster/postmaster.c diff | blob | blame | history
This is the main PostgreSQL git repository.