Prevent stack overflow in json-related functions. Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an application constructs PostgreSQL json or jsonb values from arbitrary user input, application users could have exploited this to terminate all active database connections. That applies to 9.3, where the json parser adopted recursive descent, and later versions. Only row_to_json() and array_to_json() were at risk in 9.2, both in a non-security capacity. Back-patch to 9.2, where the json type was introduced.
Oskari Saarenmaa, reviewed by Michael Paquier. Security: CVE-2015-5289 Branch ------ REL9_2_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/8dacb29ca7c92814d69135f40e16a46f8cf9cbaf Modified Files -------------- src/backend/utils/adt/json.c | 3 +++ 1 file changed, 3 insertions(+) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
