Prevent buffer overrun in read_tablespace_map().

Robert Foggia of Trustwave reported that read_tablespace_map()
fails to prevent an overrun of its on-stack input buffer.
Since the tablespace map file is presumed trustworthy, this does
not seem like an interesting security vulnerability, but still
we should fix it just in the name of robustness.

While here, document that pg_basebackup's --tablespace-mapping option
doesn't work with tar-format output, because it doesn't.  To make it
work, we'd have to modify the tablespace_map file within the tarball
sent by the server, which might be possible but I'm not volunteering.
(Less-painful solutions would require changing the basebackup protocol
so that the source server could adjust the map.  That's not very
appetizing either.)

diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
index 4379a1222309e68ad75806475f10d9b41c190ff5..01dac10257176f82f75b4adfc209004a7b9e0500 100644 (file)
--- a/doc/src/sgml/ref/pg_basebackup.sgml
+++ b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -155,7 +155,8 @@ PostgreSQL documentation
             the target directory. If the cluster contains additional
             tablespaces, the main data directory will be placed in the
             target directory, but all other tablespaces will be placed
-            in the same absolute path as they have on the server.
+            in the same absolute path as they have on the source server.
+            (See --tablespace-mapping to change that.)
            
            
             This is the default format.
@@ -250,7 +251,12 @@ PostgreSQL documentation
         the main data directory are updated to point to the new location.  So
         the new data directory is ready to be used for a new server instance
         with all tablespaces in the updated locations.
-        
+       
+
+       
+        Currently, this option only works with plain output format; it is
+        ignored if tar format is selected.
+       
       
      
 

diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 2a79c2e358618a1c1a62b8b83f46ed151835f9c4..d8653a1e762dd1128982dc49f9a8ed174bd67871 100644 (file)
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -11485,7 +11485,7 @@ read_tablespace_map(List **tablespaces)
        }
        else if ((ch == '\n' || ch == '\r') && prev_ch == '\\')
            str[i - 1] = ch;
-       else
+       else if (i < sizeof(str) - 1)
            str[i++] = ch;
        prev_ch = ch;
    }