~ubuntu-branches/ubuntu/utopic/postgresql-9.4/utopic-security

Viewing changes to contrib/pgcrypto/pgp-pgsql.c

  • Committer: Package Import Robot
  • Author(s): Martin Pitt, CVE-2014-8161
  • Date: 2015-02-06 12:31:46 UTC
  • mfrom: (1.1.5) (7.1.2 utopic-proposed)
  • Revision ID: package-import@ubuntu.com-20150206123146-vtmf30jbkm7w16p8
Tags: 9.4.1-0ubuntu0.14.10
* New upstream security/bug fix release (LP: #1418928)
  - Fix buffer overruns in to_char() [CVE-2015-0241]
  - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  - Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  - Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  - See release notes for details about other fixes:
    http://www.postgresql.org/about/news/1569/

241
241
                res = pgp_set_convert_crlf(ctx, atoi(val));
242
242
        else if (strcmp(key, "unicode-mode") == 0)
243
243
                res = pgp_set_unicode_mode(ctx, atoi(val));
244
 
        /* decrypt debug */
 
244
        /*
 
245
         * The remaining options are for debugging/testing and are therefore not
 
246
         * documented in the user-facing docs.
 
247
         */
245
248
        else if (ex != NULL && strcmp(key, "debug") == 0)
246
249
                ex->debug = atoi(val);
247
250
        else if (ex != NULL && strcmp(key, "expect-cipher-algo") == 0)
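
Review bot: the rewritten comment above the `debug` branch drops the word "decrypt" that the old `/* decrypt debug */` carried, so the comment no longer hints at why each following branch is guarded by `ex != NULL`. Consider adding a sentence to the new block saying that these keys are honored only when `ex` is non-NULL. Since the comment now labels them as undocumented debugging/testing options, it is also worth confirming that `ex->debug = atoi(val);` is safe for any caller-supplied string, because `atoi` returns 0 for non-numeric input without signalling an error.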