]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cc1210f) | patch
Prevent stack overflow in json-related functions.
authorNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
committerNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:34 +0000 (10:06 -0400)
commitf8862172e6519b82e66c51baa5b87e29847db2b9
treee72cb14f7bf272f0e2e3b3d8056bdba9f20c58d2tree | snapshot
parentcc1210f0aa441cd0825380ed3fddfeadb6f6533fcommit | diff
Prevent stack overflow in json-related functions.

Sufficiently-deep recursion heretofore elicited a SIGSEGV.  If an
application constructs PostgreSQL json or jsonb values from arbitrary
user input, application users could have exploited this to terminate all
active database connections.  That applies to 9.3, where the json parser
adopted recursive descent, and later versions.  Only row_to_json() and
array_to_json() were at risk in 9.2, both in a non-security capacity.
Back-patch to 9.2, where the json type was introduced.

Oskari Saarenmaa, reviewed by Michael Paquier.

Security: CVE-2015-5289
src/backend/utils/adt/json.c diff | blob | blame | history
src/test/regress/expected/json.out diff | blob | blame | history
src/test/regress/expected/json_1.out diff | blob | blame | history
src/test/regress/sql/json.sql diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git