forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commite75b5c8
committed
Reject CancelRequestPacket having unexpected length.
When the length was too short, the server read outside the allocation.That yielded the same log noise as sending the correct length with(backendPID,cancelAuthCode) matching nothing. Change to a message aboutthe unexpected length. Given the attacker's lack of control over thememory layout and the general lack of diversity in memory layouts at thecode in question, we doubt a would-be attacker could cause a segfault.Hence, while the report arrived via security@postgresql.org, this is nota vulnerability. Back-patch to v11 (all supported versions).Andrey Borodin, reviewed by Tom Lane. Reported by Andrey Borodin.1 parent6d066d5 commite75b5c8
1 file changed
+7
-0
lines changedLines changed: 7 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2000 | 2000 | | |
2001 | 2001 | | |
2002 | 2002 | | |
| 2003 | + | |
| 2004 | + | |
| 2005 | + | |
| 2006 | + | |
| 2007 | + | |
| 2008 | + | |
| 2009 | + | |
2003 | 2010 | | |
2004 | 2011 | | |
2005 | 2012 | | |
| |||
0 commit comments
Comments
(0)