[PATCH] Fix small overread during SASLprep
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-09T15:29:17Z
Lists: pgsql-hackers
Attachments
- pg_utf8_string_len-honor-null-terminators.patch (application/octet-stream) patch
Hi all, pg_utf8_string_len() doesn't check the remaining string length before calling pg_utf8_is_legal(), so there's a possibility of jumping a couple of bytes past the end of the string. (The overread stops there, because the function won't validate a sequence containing a null byte.) Here's a quick patch to fix it. I didn't see any other uses of pg_utf8_is_legal() with missing length checks. Thanks, --Jacob
Commits
-
Protect against small overread in SASLprep validation
- 3bb339fa2c9f 14.21 landed
- ff1d5810e907 15.16 landed
- 46aaec4c0e6d 16.12 landed
- 5d61bdd11448 17.8 landed
- 390b3cbbb2af 18.0 landed