pgbouncer 1.5.3-1 in experimental fixes a DoS situation where large
database names can lead to server shutdown.
http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
add_database: fail gracefully if too long db name
author Marko Kreen <markokr@gmail.com>
Mon, 10 Sep 2012 10:07:43 +0000 (13:07 +0300)
Truncating & adding can lead to fatal() later.
It was not an issue before, but with autodb (* in [databases] section)
the database name can come from network, thus allowing remote shutdown.
src/objects.c
diff --git a/src/objects.c b/src/objects.c
index 3aeb36e..b61387f 100644 (file)
--- a/src/objects.c
+++ b/src/objects.c
@@ -303,7 +303,11 @@ PgDatabase *add_database(const char *name)
return NULL;
list_init(&db->head);
- safe_strcpy(db->name, name, sizeof(db->name));
+ if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
+ log_warning("Too long db name: %s", name);
+ slab_free(db_cache, db);
+ return NULL;
+ }
put_in_order(&db->head, &database_list, cmp_database);
}
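Review bot: in the new truncation branch, log_warning("Too long db name: %s", name) writes the entire rejected name to the log, and the commit message says that name can come from the network, so a remote client controls both the length and the content of that log line. Consider bounding the logged value with a precision, for example "%.*s" limited to sizeof(db->name), or logging only the length that strlcpy returned. The new return NULL is also indistinguishable from the existing return NULL a few lines above it, so the fix only holds if the callers of add_database treat NULL as a recoverable error rather than calling fatal(); those call sites are not in this hunk and should be checked.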
Thanks to Markus Wanner for helping to investigate the issue.
Christoph