mirror of
https://github.com/postgres/postgres.git
synced 2025-07-07 00:36:50 +03:00
Fix bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash
the server, if it has been compiled with Asserts enabled (CVE-2006-0553). Thanks to Akio Ishida for reporting this problem.
This commit is contained in:
@ -9,7 +9,7 @@
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.71.2.3 2005/06/05 01:49:06 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.71.2.4 2006/02/12 22:33:46 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -532,6 +532,8 @@ show_server_encoding(void)
|
|||||||
* that can be re-used directly. We store the string in the form of
|
* that can be re-used directly. We store the string in the form of
|
||||||
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
|
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
|
||||||
* with any valid user name, because of the NAMEDATALEN limit on names.
|
* with any valid user name, because of the NAMEDATALEN limit on names.
|
||||||
|
* (NOTE: we rely on guc.c to have properly truncated any incoming value,
|
||||||
|
* but not to truncate already-stored values. See GUC_IS_NAME processing.)
|
||||||
*/
|
*/
|
||||||
const char *
|
const char *
|
||||||
assign_session_authorization(const char *value, bool doit, bool interactive)
|
assign_session_authorization(const char *value, bool doit, bool interactive)
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
* Encoding names and routines for work with it. All
|
* Encoding names and routines for work with it. All
|
||||||
* in this file is shared bedween FE and BE.
|
* in this file is shared bedween FE and BE.
|
||||||
*
|
*
|
||||||
* $Id: encnames.c,v 1.10.2.1 2002/12/09 17:45:17 momjian Exp $
|
* $Id: encnames.c,v 1.10.2.2 2006/02/12 22:33:47 tgl Exp $
|
||||||
*/
|
*/
|
||||||
#ifdef FRONTEND
|
#ifdef FRONTEND
|
||||||
#include "postgres_fe.h"
|
#include "postgres_fe.h"
|
||||||
@ -436,7 +436,7 @@ pg_char_to_encname_struct(const char *name)
|
|||||||
if (name == NULL || *name == '\0')
|
if (name == NULL || *name == '\0')
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (strlen(name) > NAMEDATALEN)
|
if (strlen(name) >= NAMEDATALEN)
|
||||||
{
|
{
|
||||||
#ifdef FRONTEND
|
#ifdef FRONTEND
|
||||||
fprintf(stderr, "pg_char_to_encname_struct(): encoding name too long");
|
fprintf(stderr, "pg_char_to_encname_struct(): encoding name too long");
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
* command, configuration file, and command line options.
|
* command, configuration file, and command line options.
|
||||||
* See src/backend/utils/misc/README for more information.
|
* See src/backend/utils/misc/README for more information.
|
||||||
*
|
*
|
||||||
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.99.2.5 2003/04/04 00:32:57 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.99.2.6 2006/02/12 22:33:47 tgl Exp $
|
||||||
*
|
*
|
||||||
* Copyright 2000 by PostgreSQL Global Development Group
|
* Copyright 2000 by PostgreSQL Global Development Group
|
||||||
* Written by Peter Eisentraut <peter_e@gmx.net>.
|
* Written by Peter Eisentraut <peter_e@gmx.net>.
|
||||||
@ -170,6 +170,7 @@ struct config_generic
|
|||||||
#define GUC_LIST_QUOTE 0x0002 /* double-quote list elements */
|
#define GUC_LIST_QUOTE 0x0002 /* double-quote list elements */
|
||||||
#define GUC_NO_SHOW_ALL 0x0004 /* exclude from SHOW ALL */
|
#define GUC_NO_SHOW_ALL 0x0004 /* exclude from SHOW ALL */
|
||||||
#define GUC_NO_RESET_ALL 0x0008 /* exclude from RESET ALL */
|
#define GUC_NO_RESET_ALL 0x0008 /* exclude from RESET ALL */
|
||||||
|
#define GUC_IS_NAME 0x0010 /* limit string to NAMEDATALEN-1 */
|
||||||
|
|
||||||
/* bit values in status field */
|
/* bit values in status field */
|
||||||
#define GUC_HAVE_TENTATIVE 0x0001 /* tentative value is defined */
|
#define GUC_HAVE_TENTATIVE 0x0001 /* tentative value is defined */
|
||||||
@ -736,7 +737,7 @@ static struct config_string
|
|||||||
ConfigureNamesString[] =
|
ConfigureNamesString[] =
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
{"client_encoding", PGC_USERSET}, &client_encoding_string,
|
{"client_encoding", PGC_USERSET, GUC_IS_NAME}, &client_encoding_string,
|
||||||
"SQL_ASCII", assign_client_encoding, NULL
|
"SQL_ASCII", assign_client_encoding, NULL
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -799,7 +800,7 @@ static struct config_string
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
{"server_encoding", PGC_USERSET}, &server_encoding_string,
|
{"server_encoding", PGC_USERSET, GUC_IS_NAME}, &server_encoding_string,
|
||||||
"SQL_ASCII", assign_server_encoding, show_server_encoding
|
"SQL_ASCII", assign_server_encoding, show_server_encoding
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -809,7 +810,7 @@ static struct config_string
|
|||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
{"session_authorization", PGC_USERSET, GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL},
|
{"session_authorization", PGC_USERSET, GUC_IS_NAME | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL},
|
||||||
&session_authorization_string,
|
&session_authorization_string,
|
||||||
NULL, assign_session_authorization, show_session_authorization
|
NULL, assign_session_authorization, show_session_authorization
|
||||||
},
|
},
|
||||||
@ -1907,6 +1908,18 @@ set_config_option(const char *name, const char *value,
|
|||||||
elog(elevel, "out of memory");
|
elog(elevel, "out of memory");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* The only sort of "parsing" check we need to do is
|
||||||
|
* apply truncation if GUC_IS_NAME.
|
||||||
|
*/
|
||||||
|
if (conf->gen.flags & GUC_IS_NAME)
|
||||||
|
{
|
||||||
|
int len;
|
||||||
|
|
||||||
|
len = pg_mbcliplen(newval, strlen(newval),
|
||||||
|
NAMEDATALEN-1);
|
||||||
|
newval[len] = '\0';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (conf->reset_val)
|
else if (conf->reset_val)
|
||||||
{
|
{
|
||||||
|
Reference in New Issue
Block a user