From ffb649d04322db8c3e218ee1a4499e202657375d Mon Sep 17 00:00:00 2001 From: Kang Kai Date: Wed, 29 Oct 2014 08:30:58 +0800 Subject: postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory Coverity identified a number of places in which it couldn't prove that a string being copied into a fixed-size buffer would fit. We believe that most, perhaps all of these are in fact safe, or are copying data that is coming from a trusted source so that any overrun is not really a security issue. Nonetheless it seems prudent to forestall any risk by using strlcpy() and similar functions. Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports. In addition, fix a potential null-pointer-dereference crash in contrib/chkpass. The crypt(3) function is defined to return NULL on failure, but chkpass.c didn't check for that before using the result. The main practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). This ideally should've been a separate commit, but since it touches code adjacent to one of the buffer overrun changes, I included it in this commit to avoid last-minute merge issues. This issue was reported by Honza Horak. Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt() https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 Signed-off-by: Yue Tao Signed-off-by: Kai Kang Signed-off-by: Martin Jansa --- meta-oe/recipes-support/postgresql/postgresql.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-oe/recipes-support/postgresql/postgresql.inc') diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc index ce31205079..1397f564de 100644 --- a/meta-oe/recipes-support/postgresql/postgresql.inc +++ b/meta-oe/recipes-support/postgresql/postgresql.inc @@ -37,6 +37,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \ file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \ file://0006-Fix-handling-of-wide-datetime-input-output.patch \ file://0007-Make-pqsignal-available-to-pg_regress-of-ECPG-and-is.patch \ + file://0008-Prevent-potential-overruns-of-fixed-size-buffers.patch \ " LEAD_SONAME = "libpq.so" -- cgit v1.2.3-54-g00ecf