Prevent a double free by not reentering be_tls_close().
Reentering this function with the right timing caused a double free,
typically crashing the backend. By synchronizing a disconnection with
the authentication timeout, an unauthenticated attacker could achieve
this somewhat consistently. Call be_tls_close() solely from within
proc_exit_prepare(). Back-patch to 9.0 (all supported versions).
Benkocs Norbert Attila
Security: CVE-2015-3165
Branch
------
REL9_0_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/648e41a6e480dae85a5aa0c90e36487c7f09a229
Modified Files
--------------
src/backend/libpq/be-secure.c | 5 -----
src/backend/libpq/pqcomm.c | 23 ++++++++++++++++++-----
src/backend/postmaster/postmaster.c | 11 ++++++++++-
3 files changed, 28 insertions(+), 11 deletions(-)
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
✖
By continuing to browse this website, you agree to the use of cookies. Go to Privacy Policy.
