Prevent stack overflow in json-related functions.

Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an application constructs PostgreSQL json or jsonb values from arbitrary user input, application users could have exploited this to terminate all active database connections. That applies to 9.3, where the json parser adopted recursive descent, and later versions. Only row_to_json() and array_to_json() were at risk in 9.2, both in a non-security capacity. Back-patch to 9.2, where the json type was introduced. Oskari Saarenmaa, reviewed by Michael Paquier. Security: CVE-2015-5289
author: Noah Misch <noah@leadboat.com> 2015-10-05 10:06:29 -0400
committer: Noah Misch <noah@leadboat.com> 2015-10-05 10:06:33 -0400
commit: 98f30d2e55d530ff47b2756b395a2048200a5ea4 (patch)
tree: cdf40b9c065524cf3173d9b17ad3c2a0359820f5 /src/backend/utils/adt/jsonfuncs.c
parent: 4d6752277e792386e54b036aee8f64ee4fa84cf1 (diff)
download: postgresql-98f30d2e55d530ff47b2756b395a2048200a5ea4.tar.gz
postgresql-98f30d2e55d530ff47b2756b395a2048200a5ea4.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/utils/adt/jsonfuncs.c b/src/backend/utils/adt/jsonfuncs.c
index 01b6bb0a483..f33864e619d 100644
--- a/src/backend/utils/adt/jsonfuncs.c
+++ b/src/backend/utils/adt/jsonfuncs.c
@@ -3724,6 +3724,8 @@ setPath(JsonbIterator **it, Datum *path_elems,
 	JsonbValue *res = NULL;
 	int			r;
 
+	check_stack_depth();
+
 	if (path_nulls[level])
 		elog(ERROR, "path element at the position %d is NULL", level + 1);
author	Noah Misch <noah@leadboat.com>	2015-10-05 10:06:29 -0400
committer	Noah Misch <noah@leadboat.com>	2015-10-05 10:06:33 -0400
commit	98f30d2e55d530ff47b2756b395a2048200a5ea4 (patch)
tree	cdf40b9c065524cf3173d9b17ad3c2a0359820f5 /src/backend/utils/adt/jsonfuncs.c
parent	4d6752277e792386e54b036aee8f64ee4fa84cf1 (diff)
download	postgresql-98f30d2e55d530ff47b2756b395a2048200a5ea4.tar.gz postgresql-98f30d2e55d530ff47b2756b395a2048200a5ea4.zip