array_set_element() and related functions allow an array to be enlarged by assigning to subscripts outside the current array bounds. While these places were careful to check that the new bounds are allowable, they neglected to consider the risk of integer overflow in computing the new bounds. In edge cases, we could compute new bounds that are invalid but get past the subsequent checks, allowing bad things to happen. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. To fix, perform the hazardous computations using overflow-detecting arithmetic routines, which fortunately exist in all still-supported branches. The test cases added for this generate (after patching) errors that mention the value of MaxArraySize, which is platform-dependent. Rather than introduce multiple expected-files, use psql's VERBOSITY parameter to suppress the printing of the message text. v11 psql lacks that parameter, so omit the tests in that branch. Our thanks to Pedro Gallegos for reporting this problem. Security: CVE-2023-5869 |
||
---|---|---|
.. | ||
activity | ||
adt | ||
cache | ||
error | ||
fmgr | ||
hash | ||
init | ||
mb | ||
misc | ||
mmgr | ||
resowner | ||
sort | ||
time | ||
.gitignore | ||
Gen_dummy_probes.pl | ||
Gen_dummy_probes.pl.prolog | ||
Gen_dummy_probes.sed | ||
Gen_fmgrtab.pl | ||
Makefile | ||
README.Gen_dummy_probes | ||
errcodes.txt | ||
generate-errcodes.pl | ||
probes.d |
README.Gen_dummy_probes
# Generating dummy probes If Postgres isn't configured with dtrace enabled, we need to generate dummy probes for the entries in probes.d, that do nothing. This is accomplished in Unix via the sed script `Gen_dummy_probes.sed`. We used to use this in MSVC builds using the perl utility `psed`, which mimicked sed. However, that utility disappeared from Windows perl distributions and so we converted the sed script to a perl script to be used in MSVC builds. We still keep the sed script as the authoritative source for generating these dummy probes because except on Windows perl is not a hard requirement when building from a tarball. So, if you need to change the way dummy probes are generated, first change the sed script, and when it's working generate the perl script. This can be accomplished by using the perl utility s2p. s2p is no longer part of the perl core, so it might not be on your system, but it is available on CPAN and also in many package systems. e.g. on Fedora it can be installed using `cpan App::s2p` or `dnf install perl-App-s2p`. The Makefile contains a recipe for regenerating Gen_dummy_probes.pl, so all you need to do is once you have s2p installed is `make Gen_dummy_probes.pl` Note that in a VPATH build this will generate the file in the vpath tree, not the source tree.