pg_stash_advice: Reject overlong stash names in dump file.

Otherwise, the server will crash. This can only happen if the dump
file has been corrupted or manually altered, but we should still
defend against it.

Reported-by: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
Co-authored-by: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
Co-authored-by: Robert Haas <rhaas@postgresql.org>
Discussion: http://postgr.es/m/CAJTYsWWYhcEx1YqC=B331-Df9EpD8MxzwswWL0okz9LLCUUpBA@mail.gmail.com

diff --git a/contrib/pg_stash_advice/stashpersist.c b/contrib/pg_stash_advice/stashpersist.c
index 008f8d25b48d572cb9ba2becedf204bc79acdbd1..5bdf4bddaaeb7b49de4011dcf571c8ad4291f089 100644 (file)
--- a/contrib/pg_stash_advice/stashpersist.c
+++ b/contrib/pg_stash_advice/stashpersist.c
@@ -374,6 +374,13 @@ pgsa_read_from_disk(void)
                                                 errmsg("syntax error in file \"%s\" line %u: expected end of line",
                                                                PGSA_DUMP_FILE, lineno)));
 
+                       /* Reject overlong stash names. */
+                       if (strlen(name) >= NAMEDATALEN)
+                               ereport(ERROR,
+                                               (errcode(ERRCODE_DATA_CORRUPTED),
+                                                errmsg("syntax error in file \"%s\" line %u: stash name too long",
+                                                               PGSA_DUMP_FILE, lineno)));
+
                        /* Duplicate check. */
                        (void) pgsa_saved_stash_table_insert(saved_stashes, name, &found);
                        if (found)