mirror of
https://github.com/postgres/postgres.git
synced 2026-04-14 21:47:31 -04:00
0776cb2116
are shared with Tcl, since it's their code to begin with, and the patches have been copied from Tcl 8.5.0. Problems: CVE-2007-4769: Inadequate check on the range of backref numbers allows crash due to out-of-bounds read. CVE-2007-4772: Infinite loop in regex optimizer for pattern '($|^)*'. CVE-2007-6067: Very slow optimizer cleanup for regex with a large NFA representation, as well as crash if we encounter an out-of-memory condition during NFA construction. Part of the response to CVE-2007-6067 is to put a limit on the number of states in the NFA representation of a regex. This seems needed even though the within-the-code problems have been corrected, since otherwise the code could try to use very large amounts of memory for a suitably-crafted regex, leading to potential DOS by driving the system into swap, activating a kernel OOM killer, etc. Although there are certainly plenty of ways to drive the system into effective DOS with poorly-written SQL queries, these problems seem worth treating as security issues because many applications might accept regex search patterns from untrustworthy sources. Thanks to Will Drewry of Google for reporting these problems. Patches by Will Drewry and Tom Lane. Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067 |
||
|---|---|---|
| .. | ||
| access | ||
| bootstrap | ||
| catalog | ||
| commands | ||
| executor | ||
| lib | ||
| libpq | ||
| mb | ||
| nodes | ||
| optimizer | ||
| parser | ||
| port | ||
| regex | ||
| rewrite | ||
| storage | ||
| tcop | ||
| utils | ||
| c.h | ||
| fmgr.h | ||
| funcapi.h | ||
| getaddrinfo.h | ||
| getopt_long.h | ||
| Makefile | ||
| miscadmin.h | ||
| pg_config.h.in | ||
| pg_config.h.win32 | ||
| pg_config_manual.h | ||
| pgstat.h | ||
| port.h | ||
| postgres.h | ||
| postgres_ext.h | ||
| postgres_fe.h | ||
| rusagestub.h | ||
| strdup.h | ||