← Back to branch summary

~ubuntu-branches/ubuntu/utopic/postgresql-9.4/utopic-security

« back to all changes in this revision

Viewing changes to src/backend/storage/file/reinit.c

  • Committer: Package Import Robot
  • Author(s): Martin Pitt, CVE-2014-8161
  • Date: 2015-02-06 12:31:46 UTC
  • mfrom: (1.1.5) (7.1.2 utopic-proposed)
  • Revision ID: package-import@ubuntu.com-20150206123146-vtmf30jbkm7w16p8
Tags: 9.4.1-0ubuntu0.14.10
https://launchpad.net/bugs/1418928
* New upstream security/bug fix release (LP: #1418928)
  - Fix buffer overruns in to_char() [CVE-2015-0241]
  - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  - Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  - Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  - See release notes for details about other fixes:
    http://www.postgresql.org/about/news/1569/

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/backend/storage/file/reinit.c
339
339
                }
340
340
 
341
341
                FreeDir(dbspace_dir);
 
342
 
 
343
                /*
 
344
                 * copy_file() above has already called pg_flush_data() on the
 
345
                 * files it created. Now we need to fsync those files, because
 
346
                 * a checkpoint won't do it for us while we're in recovery. We
 
347
                 * do this in a separate pass to allow the kernel to perform
 
348
                 * all the flushes (especially the metadata ones) at once.
 
349
                 */
 
350
                dbspace_dir = AllocateDir(dbspacedirname);
 
351
                if (dbspace_dir == NULL)
 
352
                {
 
353
                        /* we just saw this directory, so it really ought to be there */
 
354
                        elog(LOG,
 
355
                                 "could not open dbspace directory \"%s\": %m",
 
356
                                 dbspacedirname);
 
357
                        return;
 
358
                }
 
359
 
 
360
                while ((de = ReadDir(dbspace_dir, dbspacedirname)) != NULL)
 
361
                {
 
362
                        ForkNumber      forkNum;
 
363
                        int                     oidchars;
 
364
                        char            oidbuf[OIDCHARS + 1];
 
365
                        char            mainpath[MAXPGPATH];
 
366
 
 
367
                        /* Skip anything that doesn't look like a relation data file. */
 
368
                        if (!parse_filename_for_nontemp_relation(de->d_name, &oidchars,
 
369
                                                                                                         &forkNum))
 
370
                                continue;
 
371
 
 
372
                        /* Also skip it unless this is the init fork. */
 
373
                        if (forkNum != INIT_FORKNUM)
 
374
                                continue;
 
375
 
 
376
                        /* Construct main fork pathname. */
 
377
                        memcpy(oidbuf, de->d_name, oidchars);
 
378
                        oidbuf[oidchars] = '\0';
 
379
                        snprintf(mainpath, sizeof(mainpath), "%s/%s%s",
 
380
                                         dbspacedirname, oidbuf, de->d_name + oidchars + 1 +
 
381
                                         strlen(forkNames[INIT_FORKNUM]));
 
382
 
 
383
                        fsync_fname(mainpath, false);
 
384
                }
 
385
 
 
386
                FreeDir(dbspace_dir);
 
387
 
 
388
                fsync_fname((char *) dbspacedirname, true);
342
389
        }
343
390
}
344
391