NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit390b3cb

committed

Protect against small overread in SASLprep validation

In case of torn UTF8 in the input data we might end up goingpast the end of the string since we don't account for length.While validation won't be performed on a sequence with a NULLbyte it's better to avoid going past the end to beging with.Fix by taking the length into consideration.Author: Jacob Champion <jacob.champion@enterprisedb.com>Reviewed-by: Daniel Gustafsson <daniel@yesql.se>Discussion:https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com

1 parent56fead4 commit390b3cbCopy full SHA for 390b3cb

File tree

1 file changed

-2

lines changed

src/common
- saslprep.c

1 file changed

-2

lines changed

`‎src/common/saslprep.c`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1004,15 +1004,17 @@ pg_utf8_string_len(const char *source)`
`1004`	`1004`	`constunsignedcharp= (constunsignedchar)source;`
`1005`	`1005`	`intl;`
`1006`	`1006`	`intnum_chars=0;`
	`1007`	`+size_tlen=strlen(source);`
`1007`	`1008`
`1008`		`-while (*p)`
	`1009`	`+while (len)`
`1009`	`1010`	`{`
`1010`	`1011`	`l=pg_utf_mblen(p);`
`1011`	`1012`
`1012`		`-if (!pg_utf8_islegal(p,l))`
	`1013`	`+if (len<l\|\|!pg_utf8_islegal(p,l))`
`1013`	`1014`	`return-1;`
`1014`	`1015`
`1015`	`1016`	`p+=l;`
	`1017`	`+len-=l;`
`1016`	`1018`	`num_chars++;`
`1017`	`1019`	`}`
`1018`	`1020`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit390b3cb

File tree

1 file changed

1 file changed

`‎src/common/saslprep.c`

0 commit comments