Fix bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash

the server, if it has been compiled with Asserts enabled (CVE-2006-0553). Thanks to Akio Ishida for reporting this problem.
2025-08-19 23:22:23 +03:00 · 2006-02-12 22:33:14 +00:00
parent 9bb401cd73
commit df2c740c94
4 changed files with 21 additions and 10 deletions
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.105.4.2 2005/08/08 23:39:14 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.105.4.3 2006/02/12 22:33:14 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -619,7 +619,9 @@ assign_client_encoding(const char *value, bool doit, GucSource source)
 * by the numeric userid, followed by a comma, followed by the user name.
 * This cannot be confused with a plain user name because of the NAMEDATALEN
 * limit on names, so we can tell whether we're being passed an initial
- * username or a saved/restored value.
+ * username or a saved/restored value.  (NOTE: we rely on guc.c to have
+ * properly truncated any incoming value, but not to truncate already-stored
+ * values.  See GUC_IS_NAME processing.)
 */
 extern char *session_authorization_string;		/* in guc.c */