database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-23 03:21:12 +03:00
Code Activity

Protect against small overread in SASLprep validation

Browse Source 
In case of torn UTF8 in the input data we might end up going
past the end of the string since we don't account for length.
While validation won't be performed on a sequence with a NULL
byte it's better to avoid going past the end to beging with.
Fix by taking the length into consideration.

Author: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com
This commit is contained in:
Daniel Gustafsson
2024-09-10 11:02:28 +02:00
parent 56fead44dc
commit 390b3cbbb2
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/common/saslprep.c
View File

@ -1004,15 +1004,17 @@ pg_utf8_string_len(const char *source)
const unsigned char *p = (const unsigned char *) source; const unsigned char *p = (const unsigned char *) source;
int l; int l;
int num_chars = 0; int num_chars = 0;
size_t len = strlen(source);
while (*p) while (len)
{ {
l = pg_utf_mblen(p); l = pg_utf_mblen(p);
if (!pg_utf8_islegal(p, l)) if (len < l || !pg_utf8_islegal(p, l))
return -1; return -1;
p += l; p += l;
len -= l;
num_chars++; num_chars++;
} }