From 7ef174c032117d433e114779e4e33024c6d365cc Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 12 Feb 2006 22:33:29 +0000 Subject: Fix bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (CVE-2006-0553). Thanks to Akio Ishida for reporting this problem. --- src/backend/commands/variable.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/backend/commands/variable.c') diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 7261c8e49b4..d88f8059b79 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.88.2.2 2005/06/05 01:48:55 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.88.2.3 2006/02/12 22:33:28 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -736,7 +736,9 @@ assign_client_encoding(const char *value, bool doit, bool interactive) * by the numeric userid, followed by a comma, followed by the user name. * This cannot be confused with a plain user name because of the NAMEDATALEN * limit on names, so we can tell whether we're being passed an initial - * username or a saved/restored value. + * username or a saved/restored value. (NOTE: we rely on guc.c to have + * properly truncated any incoming value, but not to truncate already-stored + * values. See GUC_IS_NAME processing.) */ extern char *session_authorization_string; /* in guc.c */ -- cgit v1.2.3