mirror of https://git.postgresql.org/git/postgresql.git synced 2026-02-15 02:46:59 +08:00

Go to file

Michael Paquier 209f387b81 pgcrypto: Fix buffer overflow in pgp_pub_decrypt_bytea()

pgp_pub_decrypt_bytea() was missing a safeguard for the session key
length read from the message data, that can be given in input of
pgp_pub_decrypt_bytea().  This can result in the possibility of a buffer
overflow for the session key data, when the length specified is longer
than PGP_MAX_KEY, which is the maximum size of the buffer where the
session data is copied to.

A script able to rebuild the message and key data that can trigger the
overflow is included in this commit, based on some contents provided by
the reporter, heavily editted by me.  A SQL test is added, based on the
data generated by the script.

Reported-by: Team Xint Code as part of zeroday.cloud
Author: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Noah Misch <noah@leadboat.com>
Security: CVE-2026-2005
Backpatch-through: 14

2026-02-09 08:01:05 +09:00

.github

Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, and SECURITY.md.

2024-07-02 13:03:58 -05:00

config

Don't put library-supplied -L/-I switches before user-supplied ones.

2025-07-29 15:17:40 -04:00

contrib

pgcrypto: Fix buffer overflow in pgp_pub_decrypt_bytea()

2026-02-09 08:01:05 +09:00

doc

Release notes for 18.2, 17.8, 16.12, 15.16, 14.21.

2026-02-08 13:00:40 -05:00

src

Translation updates

2026-02-08 15:07:02 +01:00

.abi-compliance-history

Placate ABI checker.

2026-02-07 11:47:57 +13:00

.cirrus.star

ci: Simplify ci-os-only handling

2025-08-14 12:09:53 -04:00

.cirrus.tasks.yml

Fix typo

2026-01-07 15:48:45 +01:00

.cirrus.yml

ci: Per-repo configuration for manually trigger tasks

2025-08-14 11:33:44 -04:00

.dir-locals.el

Make Emacs perl-mode indent more like perltidy.

2019-01-13 11:32:31 -08:00

.editorconfig

Add script to keep .editorconfig in sync with .gitattributes

2025-02-01 10:09:45 +01:00

.git-blame-ignore-revs

Add previous commit to .git-blame-ignore-revs.

2025-10-21 10:02:19 -05:00

.gitattributes

Fix git whitespace warning

2025-08-15 10:32:22 +02:00

.gitignore

Update top-level .gitignore.

2022-12-04 15:23:00 -05:00

.mailmap

Add a Git .mailmap file

2024-11-05 13:56:02 +01:00

aclocal.m4

autoconf: Move export_dynamic determination to configure

2022-12-06 18:55:28 -08:00

configure

Stamp 18.1.

2025-11-10 16:52:06 -05:00

configure.ac

Stamp 18.1.

2025-11-10 16:52:06 -05:00

Update copyright for 2026

2026-01-01 13:24:10 -05:00

GNUmakefile.in

Allow selecting the git revision to be packaged by "make dist".

2024-05-03 11:08:50 -04:00

HISTORY

Canonicalize some URLs

2020-02-10 20:47:50 +01:00

Makefile

Adapt REL_18_STABLE to its new status as a stable branch

2025-06-29 23:00:00 -04:00

meson_options.txt

Add support for basic NUMA awareness

2025-04-07 23:08:17 +02:00

meson.build

meson: host_system value for Solaris is 'sunos' not 'solaris'.

2026-02-07 20:05:52 -05:00

README.md

Adapt REL_18_STABLE to its new status as a stable branch

2025-06-29 23:00:00 -04:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/18/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/18/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.

Languages

C 84.9%

PLpgSQL 6.1%

Perl 4.7%

Yacc 1.2%

Meson 0.7%

Other 2.2%