From 2111b409879eee6900aaa3107987f932524064ca Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Wed, 17 Mar 2021 16:10:38 -0400 Subject: Prevent buffer overrun in read_tablespace_map(). Robert Foggia of Trustwave reported that read_tablespace_map() fails to prevent an overrun of its on-stack input buffer. Since the tablespace map file is presumed trustworthy, this does not seem like an interesting security vulnerability, but still we should fix it just in the name of robustness. While here, document that pg_basebackup's --tablespace-mapping option doesn't work with tar-format output, because it doesn't. To make it work, we'd have to modify the tablespace_map file within the tarball sent by the server, which might be possible but I'm not volunteering. (Less-painful solutions would require changing the basebackup protocol so that the source server could adjust the map. That's not very appetizing either.) --- src/backend/access/transam/xlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/backend/access/transam/xlog.c') diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 2a79c2e3586..d8653a1e762 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -11485,7 +11485,7 @@ read_tablespace_map(List **tablespaces) } else if ((ch == '\n' || ch == '\r') && prev_ch == '\\') str[i - 1] = ch; - else + else if (i < sizeof(str) - 1) str[i++] = ch; prev_ch = ch; } -- cgit v1.2.3