Re: [PATCH] Fix small overread during SASLprep

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-09T18:30:07Z
Lists: pgsql-hackers
> On 9 Sep 2024, at 17:29, Jacob Champion <jacob.champion@enterprisedb.com> wrote:

> pg_utf8_string_len() doesn't check the remaining string length before
> calling pg_utf8_is_legal(), so there's a possibility of jumping a
> couple of bytes past the end of the string. (The overread stops there,
> because the function won't validate a sequence containing a null
> byte.)
> 
> Here's a quick patch to fix it. I didn't see any other uses of
> pg_utf8_is_legal() with missing length checks.

Just to make sure I understand, this is for guarding against overreads in
validation of strings containing torn MB characters?  Assuming I didn't
misunderstand you this patch seems correct to me.

--
Daniel Gustafsson




Commits

  1. Protect against small overread in SASLprep validation