NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit2111b40

committed

Prevent buffer overrun in read_tablespace_map().

Robert Foggia of Trustwave reported that read_tablespace_map()fails to prevent an overrun of its on-stack input buffer.Since the tablespace map file is presumed trustworthy, this doesnot seem like an interesting security vulnerability, but stillwe should fix it just in the name of robustness.While here, document that pg_basebackup's --tablespace-mapping optiondoesn't work with tar-format output, because it doesn't. To make itwork, we'd have to modify the tablespace_map file within the tarballsent by the server, which might be possible but I'm not volunteering.(Less-painful solutions would require changing the basebackup protocolso that the source server could adjust the map. That's not veryappetizing either.)

1 parentb9ed856 commit2111b40Copy full SHA for 2111b40

File tree

2 files changed

-3

lines changed

doc/src/sgml/ref
- pg_basebackup.sgml
src/backend/access/transam
- xlog.c

2 files changed

-3

lines changed

`‎doc/src/sgml/ref/pg_basebackup.sgml`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,8 @@ PostgreSQL documentation`
`155`	`155`	`the target directory. If the cluster contains additional`
`156`	`156`	`tablespaces, the main data directory will be placed in the`
`157`	`157`	`target directory, but all other tablespaces will be placed`
`158`		`- in the same absolute path as they have on the server.`
	`158`	`+ in the same absolute path as they have on the source server.`
	`159`	`+ (See <option>--tablespace-mapping</option> to change that.)`
`159`	`160`	`</para>`
`160`	`161`	`<para>`
`161`	`162`	`This is the default format.`
`@@ -250,7 +251,12 @@ PostgreSQL documentation`
`250`	`251`	`the main data directory are updated to point to the new location. So`
`251`	`252`	`the new data directory is ready to be used for a new server instance`
`252`	`253`	`with all tablespaces in the updated locations.`
`253`		`- </para>`
	`254`	`+ </para>`
	`255`	`+`
	`256`	`+ <para>`
	`257`	`+ Currently, this option only works with plain output format; it is`
	`258`	`+ ignored if tar format is selected.`
	`259`	`+ </para>`
`254`	`260`	`</listitem>`
`255`	`261`	`</varlistentry>`
`256`	`262`

`‎src/backend/access/transam/xlog.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11485,7 +11485,7 @@ read_tablespace_map(List **tablespaces)`
`11485`	`11485`	`}`
`11486`	`11486`	`elseif ((ch=='\n'\|\|ch=='\r')&&prev_ch=='\\')`
`11487`	`11487`	`str[i-1]=ch;`
`11488`		`-else`
	`11488`	`+elseif (i<sizeof(str)-1)`
`11489`	`11489`	`str[i++]=ch;`
`11490`	`11490`	`prev_ch=ch;`
`11491`	`11491`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2111b40

File tree

2 files changed

2 files changed

`‎doc/src/sgml/ref/pg_basebackup.sgml`

`‎src/backend/access/transam/xlog.c`

0 commit comments