Prevent buffer overrun in read_tablespace_map(). · postgres/postgres@a50e4fd · GitHub

Commit a50e4fd

Tom Lane committed on 2021-03-17

Prevent buffer overrun in read_tablespace_map().

Robert Foggia of Trustwave reported that read_tablespace_map() fails to prevent an overrun of its on-stack input buffer. Since the tablespace map file is presumed trustworthy, this does not seem like an interesting security vulnerability, but still we should fix it just in the name of robustness.

While here, document that pg_basebackup's --tablespace-mapping option doesn't work with tar-format output, because it doesn't. To make it work, we'd have to modify the tablespace_map file within the tarball sent by the server, which might be possible but I'm not volunteering. (Less-painful solutions would require changing the basebackup protocol so that the source server could adjust the map. That's not very appetizing either.)

1 parent 081876d commit a50e4fd

2 files changed: +8 -2 lines changed

doc/src/sgml/ref/pg_basebackup.sgml

Lines changed: 7 additions & 1 deletion
@@ -161,6 +161,7 @@ PostgreSQL documentation
161161
tablespaces, the main data directory will be placed in the
162162
target directory, but all other tablespaces will be placed
163163
in the same absolute path as they have on the source server.
164+
(See <option>--tablespace-mapping</option> to change that.)
164165
</para>
165166
<para>
166167
This is the default format.
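
Review bot: the parenthetical added at new line 164 names --tablespace-mapping only in option markup, so a reader of the plain-format description has to search the page for the option's entry. If that entry has (or can be given) an id, a link here would save the search; the wording itself is fine.
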
@@ -241,7 +242,12 @@ PostgreSQL documentation
241242
the main data directory are updated to point to the new location. So
242243
the new data directory is ready to be used for a new server instance
243244
with all tablespaces in the updated locations.
244-
</para>
245+
</para>
246+
247+
<para>
248+
Currently, this option only works with plain output format; it is
249+
ignored if tar format is selected.
250+
</para>
245251
</listitem>
246252
</varlistentry>
247253
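
Review bot: the paragraph added at new lines 247-250 says the option is "ignored if tar format is selected", which documents a silent no-op: a user who passes both gets a backup in which the mapping was not applied, with no diagnostic. Nothing in this commit changes pg_basebackup to report that combination, so consider having it reject or warn on --tablespace-mapping with tar format, or at least state in this paragraph that no warning is issued.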

src/backend/access/transam/xlog.c

Lines changed: 1 addition & 1 deletion
@@ -11959,7 +11959,7 @@ read_tablespace_map(List **tablespaces)
1195911959
}
1196011960
else if ((ch == '\n' || ch == '\r') && prev_ch == '\\')
1196111961
str[i - 1] = ch;
11962-
else
11962+
else if (i < sizeof(str) - 1)
1196311963
str[i++] = ch;
1196411964
prev_ch = ch;
1196511965
}
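
Review bot: the new guard "else if (i < sizeof(str) - 1)" stops the overrun but drops the excess bytes silently, so an over-long line is truncated rather than rejected. It also leaves "prev_ch = ch;" unconditional: once the buffer is full, a backslash that was dropped still sets prev_ch, and the next '\n' or '\r' then takes the "str[i - 1] = ch;" branch and overwrites the last byte that was actually stored. Reporting an error when a line does not fit would avoid both problems, and a short comment on the guard explaining why the limit is sizeof(str) - 1 would help the next reader.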
