Prevent stack overflow in json-related functions.

Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an application constructs PostgreSQL json or jsonb values from arbitrary user input, application users could have exploited this to terminate all active database connections. That applies to 9.3, where the json parser adopted recursive descent, and later versions. Only row_to_json() and array_to_json() were at risk in 9.2, both in a non-security capacity. Back-patch to 9.2, where the json type was introduced. Oskari Saarenmaa, reviewed by Michael Paquier. Security: CVE-2015-5289
author: Noah Misch <noah@leadboat.com> 2015-10-05 10:06:29 -0400
committer: Noah Misch <noah@leadboat.com> 2015-10-05 10:06:29 -0400
commit: 08fa47c4850cea32c3116665975bca219fbf2fe6 (patch)
tree: c16349140a08476f92c6034d472c67e7e3d3efc2 /src/backend/utils/adt/jsonb.c
parent: 1d812c8b059d0b9b1fba4a459c9876de0f6259b6 (diff)
download: postgresql-08fa47c4850cea32c3116665975bca219fbf2fe6.tar.gz
postgresql-08fa47c4850cea32c3116665975bca219fbf2fe6.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/utils/adt/jsonb.c b/src/backend/utils/adt/jsonb.c
index f0f1651e9da..8fef35ea38a 100644
--- a/src/backend/utils/adt/jsonb.c
+++ b/src/backend/utils/adt/jsonb.c
@@ -712,6 +712,8 @@ datum_to_jsonb(Datum val, bool is_null, JsonbInState *result,
 	JsonbValue	jb;
 	bool		scalar_jsonb = false;
 
+	check_stack_depth();
+
 	if (is_null)
 	{
 		Assert(!key_scalar);
author	Noah Misch <noah@leadboat.com>	2015-10-05 10:06:29 -0400
committer	Noah Misch <noah@leadboat.com>	2015-10-05 10:06:29 -0400
commit	08fa47c4850cea32c3116665975bca219fbf2fe6 (patch)
tree	c16349140a08476f92c6034d472c67e7e3d3efc2 /src/backend/utils/adt/jsonb.c
parent	1d812c8b059d0b9b1fba4a459c9876de0f6259b6 (diff)
download	postgresql-08fa47c4850cea32c3116665975bca219fbf2fe6.tar.gz postgresql-08fa47c4850cea32c3116665975bca219fbf2fe6.zip