[PATCH] Fix small overread during SASLprep

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-09T15:29:17Z
Lists: pgsql-hackers

Attachments

Hi all,

pg_utf8_string_len() doesn't check the remaining string length before
calling pg_utf8_is_legal(), so there's a possibility of jumping a
couple of bytes past the end of the string. (The overread stops there,
because the function won't validate a sequence containing a null
byte.)

Here's a quick patch to fix it. I didn't see any other uses of
pg_utf8_is_legal() with missing length checks.

Thanks,
--Jacob

Commits

  1. Protect against small overread in SASLprep validation