rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend
History
Tom Lane aa27464b34 Prevent execution of enum_recv() from SQL. 
This function was misdeclared to take cstring when it should take internal.
This at least allows crashing the server, and in principle an attacker
might be able to use the function to examine the contents of server memory.

The correct fix is to adjust the system catalog contents (and fix the
regression tests that should have caught this but failed to).  However,
asking users to correct the catalog contents in existing installations
is a pain, so as a band-aid fix for the back branches, install a check
in enum_recv() to make it throw error if called with a cstring argument.
We will later revert this in HEAD in favor of correcting the catalogs.

Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue.

Security: CVE-2013-0255
 		2013-02-04 16:25:30 -05:00
..
access Fix assorted bugs in CREATE INDEX CONCURRENTLY. 2012-11-29 14:52:37 -05:00
bootstrap Avoid changing an index's indcheckxmin horizon during REINDEX. 2011-04-19 18:51:12 -04:00
catalog DROP OWNED: don't try to drop tablespaces/databases 2013-01-28 19:13:06 -03:00
commands Protect against SnapshotNow race conditions in pg_tablespace scans. 2013-01-18 18:06:50 -05:00
executor Add defenses against integer overflow in dynahash numbuckets calculations. 2012-12-11 22:09:39 -05:00
lib Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
libpq Produce a more useful error message for over-length Unix socket paths. 2012-11-29 19:57:38 -05:00
main Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
nodes Fix planning of non-strict equivalence clauses above outer joins. 2012-10-18 12:29:19 -04:00
optimizer Fix assorted bugs in CREATE INDEX CONCURRENTLY. 2012-11-29 14:52:37 -05:00
parser Fix grammar for subscripting or field selection from a sub-SELECT result. 2013-01-30 14:16:59 -05:00
po Translation updates 2013-02-03 23:50:30 -05:00
port Fix Windows implementation of PGSemaphoreLock. 2012-05-10 13:36:33 -04:00
postmaster Fix syslogger so that log_truncate_on_rotation works in the first rotation. 2012-07-31 14:37:18 -04:00
regex Prevent corner-case core dump in rfree(). 2012-07-15 13:28:32 -04:00
rewrite Prevent CREATE TABLE LIKE/INHERITS from (mis) copying whole-row Vars. 2012-06-30 16:44:19 -04:00
snowball Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:12 +02:00
storage Add missing period to detail message. 2012-08-30 13:27:42 -04:00
tcop set_stack_base() no longer needs to be called in PostgresMain. 2012-04-08 19:42:13 +03:00
tsearch Fix bug in to_tsquery(). 2012-05-15 19:27:00 +03:00
utils Prevent execution of enum_recv() from SQL. 2013-02-04 16:25:30 -05:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:12 +02:00
Makefile Fix PGXS support for building loadable modules on AIX. 2012-10-09 21:04:30 -04:00
nls.mk Install a more robust solution for the problem of infinite error-processing 2008-10-27 19:37:29 +00:00