On 2009-05-05, Sikkerhed.org ApS <supp...@sikkerhed.org> wrote:
>
> The following bug has been logged online:
>
> Bug reference:      4791
> Logged by:          Sikkerhed.org ApS
> Email address:      supp...@sikkerhed.org
> PostgreSQL version: 8.3.7-0lenny1
> Operating system:   Debian GNU/Linux 5.0.1 stable (fully updated)
> Description:        NULL value in function causes reproducible segmentation
> fault
> Details: 
>
> We are using a couple of functions in PostgreSQL, namely 
>
> CREATE OR REPLACE FUNCTION digest(text, text) RETURNS bytea AS
> '$libdir/pgcrypto', 'pg_digest' LANGUAGE 'C';
>
> CREATE OR REPLACE FUNCTION sha1(text) RETURNS text AS 'SELECT
> ENCODE(DIGEST($1, ''sha1''), ''hex'') AS result' LANGUAGE 'SQL';
>
>
> We experienced a bad crash on our production server, and narrowed it down to
> a reproducible test case.
>
> The following query will crash the server every time:
>
> SELECT SHA1(NULL);
>
> Please let us know if you require more information.

AFAICT this exploits a documented feature of the 'C' language, namely
if you crash the C the backend is compromised.

The fix is easy:

 CREATE OR REPLACE FUNCTION digest(text, text) RETURNS bytea AS
 '$libdir/pgcrypto', 'pg_digest' LANGUAGE 'C'
 RETURNS NULL ON NULL INPUT ;




-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
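
An audit for the same class of problem, added here as an example and not part of the original thread: it lists the C-language functions that are not declared `RETURNS NULL ON NULL INPUT` (`STRICT`), then applies the reply's fix to the existing `digest(text, text)` declaration. It assumes the functions were created by hand as shown in the report and that you are connected as a role allowed to alter them.

```sql
-- List every C-language function that is NOT declared STRICT
-- (RETURNS NULL ON NULL INPUT). For these, PostgreSQL calls the C code
-- even when an argument is NULL, so the C code itself has to test for NULL
-- (PG_ARGISNULL). A row here is an item to review, not proof of a bug:
-- some functions are non-strict on purpose and handle NULL correctly.
SELECT p.oid::regprocedure AS function_signature,
       p.probin            AS library,
       p.prosrc            AS link_symbol
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_language l ON l.oid = p.prolang
WHERE  l.lanname = 'c'
AND    NOT p.proisstrict
ORDER  BY 1;

-- Apply the fix from the reply to the existing declaration in place,
-- without dropping the function or the SQL wrapper that depends on it.
ALTER FUNCTION digest(text, text) STRICT;

-- Confirm the flag is now set on the function from the report.
SELECT p.oid::regprocedure AS function_signature,
       p.proisstrict
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_language l ON l.oid = p.prolang
WHERE  l.lanname = 'c'
AND    p.proname = 'digest';

-- Re-run the reproducer from the report on a test instance.
-- With STRICT set, the executor does not call pg_digest for a NULL argument.
SELECT sha1(NULL);
```

Run the first query in each database, since `pg_proc` is per-database and a hand-written `CREATE FUNCTION` may have been repeated in several of them.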
