pgsql: libpq: Prevent some overflows of int/size_t
| От | Jacob Champion |
|---|---|
| Тема | pgsql: libpq: Prevent some overflows of int/size_t |
| Дата | |
| Msg-id | E1vISp7-005veH-2T@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
libpq: Prevent some overflows of int/size_t Several functions could overflow their size calculations, when presented with very large inputs from remote and/or untrusted locations, and then allocate buffers that were too small to hold the intended contents. Switch from int to size_t where appropriate, and check for overflow conditions when the inputs could have plausibly originated outside of the libpq trust boundary. (Overflows from within the trust boundary are still possible, but these will be fixed separately.) A version of add_size() is ported from the backend to assist with code that performs more complicated concatenation. Reported-by: Aleksey Solovev (Positive Technologies) Reviewed-by: Noah Misch <noah@leadboat.com> Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de> Security: CVE-2025-12818 Backpatch-through: 13 Branch ------ REL_16_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/585fd9b3c617db9adeb717c3def6f64aad2135cc Modified Files -------------- src/interfaces/libpq/fe-connect.c | 17 +++++- src/interfaces/libpq/fe-exec.c | 101 ++++++++++++++++++++++++++++++------ src/interfaces/libpq/fe-print.c | 61 ++++++++++++++++++++-- src/interfaces/libpq/fe-protocol3.c | 67 ++++++++++++++++++++---- src/interfaces/libpq/libpq-int.h | 11 +++- 5 files changed, 224 insertions(+), 33 deletions(-)
В списке pgsql-committers по дате отправления: