diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-10-19 12:59:50 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-10-19 12:59:50 +0200 |
| commit | 1d7641d51a51aa00dff685022fab6c03be8f8af8 (patch) | |
| tree | a98a3ecbc69db183042717a8a9437e5da65ca901 /src/backend/parser/parse_target.c | |
| parent | fdd88571454e2b00dbe446e8609c6e4294ca89ae (diff) | |
| download | postgresql-1d7641d51a51aa00dff685022fab6c03be8f8af8.tar.gz postgresql-1d7641d51a51aa00dff685022fab6c03be8f8af8.zip | |
Fix sscanf limits in pg_basebackup and pg_dump
Make sure that the string parsing is limited by the size of the
destination buffer.
In pg_basebackup the available values sent from the server
is limited to two characters so there was no risk of overflow.
In pg_dump the buffer is bounded by MAXPGPATH, and thus the limit
must be inserted via preprocessor expansion and the buffer increased
by one to account for the terminator. There is no risk of overflow
here, since in this case, the buffer scanned is smaller than the
destination buffer.
Backpatch the pg_basebackup fix to 11 where it was introduced, and
the pg_dump fix all the way down to 9.6.
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/B14D3D7B-F98C-4E20-9459-C122C67647FB@yesql.se
Backpatch-through: 11 and 9.6
Diffstat (limited to 'src/backend/parser/parse_target.c')
0 files changed, 0 insertions, 0 deletions