Package: pgbouncer
Version: 1.5.2-1
Severity: grave
Tags: security

pgbouncer 1.5.3-1 in experimental fixes a DoS situation where large database names can lead to server shutdown.

http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525

add_database: fail gracefully if too long db name
author Marko Kreen <mark...@gmail.com>
Mon, 10 Sep 2012 10:07:43 +0000 (13:07 +0300)

Truncating & adding can lead to fatal() later. It was not an issue before, but with autodb (* in [databases] section) the database name can come from network, thus allowing remote shutdown.

src/objects.c diff --git a/src/objects.c b/src/objects.c index 3aeb36e..b61387f 100644 (file) --- a/src/objects.c +++ b/src/objects.c @@ -303,7 +303,11 @@ PgDatabase *add_database(const char *name) return NULL; list_init(&db->head); - safe_strcpy(db->name, name, sizeof(db->name)); + if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) { + log_warning("Too long db name: %s", name); + slab_free(db_cache, db); + return NULL; + } put_in_order(&db->head, &database_list, cmp_database); }

Thanks to Markus Wanner for helping investigate the issue.

Christoph
--
c...@df7cb.de | http://www.df7cb.de/
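
Review bot: In the added failure branch, log_warning("Too long db name: %s", name) prints the full rejected name, and per the commit message that name can come from the network under autodb, so a remote client controls both the length and the content of the log line. Consider bounding it, for example with a precision such as "%.64s", or logging only strlen(name). The slab_free(db_cache, db) before return NULL looks right because db has not yet been linked by put_in_order; it is also worth confirming that the autodb caller treats the new NULL return as a rejected connection and does not reach fatal() by another path.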