git.postgresql.org Git - postgresql.git/commit

author	Noah Misch <noah@leadboat.com>
	Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
committer	Noah Misch <noah@leadboat.com>
	Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
commit	08fa47c4850cea32c3116665975bca219fbf2fe6
tree	c16349140a08476f92c6034d472c67e7e3d3efc2	tree
parent	1d812c8b059d0b9b1fba4a459c9876de0f6259b6	commit \| diff

Prevent stack overflow in json-related functions.

Sufficiently-deep recursion heretofore elicited a SIGSEGV.  If an
application constructs PostgreSQL json or jsonb values from arbitrary
user input, application users could have exploited this to terminate all
active database connections.  That applies to 9.3, where the json parser
adopted recursive descent, and later versions.  Only row_to_json() and
array_to_json() were at risk in 9.2, both in a non-security capacity.
Back-patch to 9.2, where the json type was introduced.

Oskari Saarenmaa, reviewed by Michael Paquier.

Security: CVE-2015-5289

src/backend/utils/adt/json.c		diff \| blob \| blame \| history
src/backend/utils/adt/jsonb.c		diff \| blob \| blame \| history
src/backend/utils/adt/jsonfuncs.c		diff \| blob \| blame \| history
src/test/regress/expected/json.out		diff \| blob \| blame \| history
src/test/regress/expected/json_1.out		diff \| blob \| blame \| history
src/test/regress/expected/jsonb.out		diff \| blob \| blame \| history
src/test/regress/expected/jsonb_1.out		diff \| blob \| blame \| history
src/test/regress/sql/json.sql		diff \| blob \| blame \| history
src/test/regress/sql/jsonb.sql		diff \| blob \| blame \| history