diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-02-12 22:33:29 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-02-12 22:33:29 +0000 |
| commit | 7ef174c032117d433e114779e4e33024c6d365cc (patch) | |
| tree | cf1437027d6150cfa32b63caacad559fb9c03108 /src/backend/utils | |
| parent | 86b2da894af2ff266947e6fc5d18d621e0d9119f (diff) | |
| download | postgresql-7ef174c032117d433e114779e4e33024c6d365cc.tar.gz postgresql-7ef174c032117d433e114779e4e33024c6d365cc.zip | |
Fix bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash
the server, if it has been compiled with Asserts enabled (CVE-2006-0553).
Thanks to Akio Ishida for reporting this problem.
Diffstat (limited to 'src/backend/utils')
| -rw-r--r-- | src/backend/utils/mb/encnames.c | 4 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc.c | 16 |
2 files changed, 14 insertions, 6 deletions
diff --git a/src/backend/utils/mb/encnames.c b/src/backend/utils/mb/encnames.c index 86b3bfa6cbc..a114ff6e26a 100644 --- a/src/backend/utils/mb/encnames.c +++ b/src/backend/utils/mb/encnames.c @@ -2,7 +2,7 @@ * Encoding names and routines for work with it. All * in this file is shared bedween FE and BE. * - * $Id: encnames.c,v 1.17 2003/07/25 20:17:55 tgl Exp $ + * $Id: encnames.c,v 1.17.4.1 2006/02/12 22:33:28 tgl Exp $ */ #ifdef FRONTEND #include "postgres_fe.h" @@ -434,7 +434,7 @@ pg_char_to_encname_struct(const char *name) if (name == NULL || *name == '\0') return NULL; - if (strlen(name) > NAMEDATALEN) + if (strlen(name) >= NAMEDATALEN) { #ifdef FRONTEND fprintf(stderr, "encoding name too long\n"); diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 4391c12ebd0..c5887f79806 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut <peter_e@gmx.net>. * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.164.2.3 2004/08/11 21:10:52 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.164.2.4 2006/02/12 22:33:28 tgl Exp $ * *-------------------------------------------------------------------- */ @@ -44,6 +44,7 @@ #include "optimizer/prep.h" #include "parser/parse_expr.h" #include "parser/parse_relation.h" +#include "parser/scansup.h" #include "storage/fd.h" #include "storage/freespace.h" #include "storage/lock.h" @@ -1284,7 +1285,7 @@ static struct config_string ConfigureNamesString[] = {"client_encoding", PGC_USERSET, CLIENT_CONN_LOCALE, gettext_noop("Sets the client's character set encoding."), NULL, - GUC_REPORT + GUC_IS_NAME | GUC_REPORT }, &client_encoding_string, "SQL_ASCII", assign_client_encoding, NULL @@ -1475,7 +1476,7 @@ static struct config_string ConfigureNamesString[] = {"server_encoding", PGC_INTERNAL, CLIENT_CONN_LOCALE, gettext_noop("Sets the server (database) character set encoding."), NULL, - GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE + GUC_IS_NAME | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE }, &server_encoding_string, "SQL_ASCII", NULL, NULL @@ -1497,7 +1498,7 @@ static struct config_string ConfigureNamesString[] = {"session_authorization", PGC_USERSET, UNGROUPED, gettext_noop("Shows the session user name."), NULL, - GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE + GUC_IS_NAME | GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE }, &session_authorization_string, NULL, assign_session_authorization, show_session_authorization @@ -2831,6 +2832,13 @@ set_config_option(const char *name, const char *value, return false; } + /* + * The only sort of "parsing" check we need to do is + * apply truncation if GUC_IS_NAME. + */ + if (conf->gen.flags & GUC_IS_NAME) + truncate_identifier(newval, strlen(newval), true); + if (record->context == PGC_USERLIMIT && *conf->variable) { |