Commit a50e4fd0 authored by Tom Lane's avatar Tom Lane

Prevent buffer overrun in read_tablespace_map().

Robert Foggia of Trustwave reported that read_tablespace_map()
fails to prevent an overrun of its on-stack input buffer.
Since the tablespace map file is presumed trustworthy, this does
not seem like an interesting security vulnerability, but still
we should fix it just in the name of robustness.

While here, document that pg_basebackup's --tablespace-mapping option
doesn't work with tar-format output, because it doesn't.  To make it
work, we'd have to modify the tablespace_map file within the tarball
sent by the server, which might be possible but I'm not volunteering.
(Less-painful solutions would require changing the basebackup protocol
so that the source server could adjust the map.  That's not very
appetizing either.)
parent 081876d7
...@@ -161,6 +161,7 @@ PostgreSQL documentation ...@@ -161,6 +161,7 @@ PostgreSQL documentation
tablespaces, the main data directory will be placed in the tablespaces, the main data directory will be placed in the
target directory, but all other tablespaces will be placed target directory, but all other tablespaces will be placed
in the same absolute path as they have on the source server. in the same absolute path as they have on the source server.
(See <option>--tablespace-mapping</option> to change that.)
</para> </para>
<para> <para>
This is the default format. This is the default format.
...@@ -242,6 +243,11 @@ PostgreSQL documentation ...@@ -242,6 +243,11 @@ PostgreSQL documentation
the new data directory is ready to be used for a new server instance the new data directory is ready to be used for a new server instance
with all tablespaces in the updated locations. with all tablespaces in the updated locations.
</para> </para>
<para>
Currently, this option only works with plain output format; it is
ignored if tar format is selected.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
......
...@@ -11959,7 +11959,7 @@ read_tablespace_map(List **tablespaces) ...@@ -11959,7 +11959,7 @@ read_tablespace_map(List **tablespaces)
} }
else if ((ch == '\n' || ch == '\r') && prev_ch == '\\') else if ((ch == '\n' || ch == '\r') && prev_ch == '\\')
str[i - 1] = ch; str[i - 1] = ch;
else else if (i < sizeof(str) - 1)
str[i++] = ch; str[i++] = ch;
prev_ch = ch; prev_ch = ch;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment