Hi,

We use Postgres in our product and we have a client that requires a static code analysis scan to detect vulnerabilities. They are concerned because the tool (Veracode) found several flaws in Postgres and they believe there might be a security risk. I'm sure there are lots of companies that use Postgres that have security policies like theirs in place, so I'm hoping someone has the experience to know that these are false positives or that they are not a security risk for some reason. Below is a description of the vulnerability and the location in the source code. Version 9.3.2.1 was scanned. Please let me know if there is a better place to ask this kind of question.

Thanks,
Patrick

------------------------------------

Stack-based Buffer Overflow (CWE ID 121)(13 flaws):
There is a potential buffer overflow with these functions. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code.

btree_gist.dll .../btree_gist/btree_utils_num.c 115
btree_gist.dll .../btree_gist/btree_utils_num.c 123
pgcrypto.dll .../contrib/pgcrypto/crypt-md5.c 103
libpq.dll .../interfaces/libpq/fe-connect.c 3185
libpq.dll .../interfaces/libpq/fe-connect.c 3220
clusterdb.exe .../interfaces/libpq/fe-connect.c 3243
libpq.dll .../libpq/fe-protocol3.c 1661
libecpg_compat.dll .../ecpg/compatlib/informix.c 978
pgcrypto.dll .../contrib/pgcrypto/mbuf.c 112
pgcrypto.dll .../contrib/pgcrypto/mbuf.c 290
pgcrypto.dll .../contrib/pgcrypto/mbuf.c 306
pgcrypto.dll .../contrib/pgcrypto/mbuf.c 330
libpq.dll .../interfaces/libpq/pqexpbuffer.c 369

Use of Inherently Dangerous Function (CWE ID 242)(1 flaw):
These functions are inherently unsafe because they do not perform bounds checking on the size of their input. An attacker can send overly long input and overflow the destination buffer, potentially resulting in execution of arbitrary code.
pg_isolation_regress.exe .../src/test/regress/pg_regress.c 2307

Integer Overflow or Wraparound (CWE ID 190)(1 flaw):
An integer overflow condition exists when an integer that has not been properly sanity checked is used in the determination of an offset or size for memory allocation, copying, concatenation, or similarly. If the integer in question is incremented past the maximum possible value, it may wrap to become a very small, negative number, therefore providing an unintended value. This occurs most commonly in arithmetic operations or loop iterations. Integer overflows can often result in buffer overflows or data corruption, both of which may be potentially exploited to execute arbitrary code.

dict_snowball.dll .../libstemmer/utilities.c 371

Process Control (CWE ID 114)(4 flaws):
A function call could result in a process control attack. An argument to a process control function is either derived from an untrusted source or is hard-coded, both of which may allow an attacker to execute malicious code under certain conditions. If an attacker is allowed to specify all or part of the filename, it may be possible to load arbitrary libraries. If the location is hard-coded and an attacker is able to place a malicious copy of the library higher in the search order than the file the application intends to load, then the application will load the malicious version.

psql.exe .../src/bin/psql/print.c 752
psql.exe .../src/bin/psql/print.c 791
psql.exe .../src/bin/psql/print.c 2209
psql.exe .../src/bin/psql/print.c 2500


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
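A small triage helper for a listing of this shape, added here as an example and not part of the original thread or of PostgreSQL: it parses the "binary path line" rows under each CWE heading, collapses duplicate hits on one source line that is reported through several binaries (libpq code linked into clusterdb.exe, for instance), flags headings whose declared flaw count does not match the rows actually listed, and tags each hit as client- or server-side using an assumed, hand-maintained binary list. The sample report is a constructed, shortened copy of the format above.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the Veracode listing quoted in the post.
SAMPLE_REPORT = """\
Stack-based Buffer Overflow (CWE ID 121)(3 flaws):
There is a potential buffer overflow with these functions.
pgcrypto.dll .../contrib/pgcrypto/crypt-md5.c 103
libpq.dll .../interfaces/libpq/fe-connect.c 3185
clusterdb.exe .../interfaces/libpq/fe-connect.c 3185

Process Control (CWE ID 114)(1 flaw)
psql.exe .../src/bin/psql/print.c 752
psql.exe .../src/bin/psql/print.c 791
"""

HEADING_RE = re.compile(r"^(?P<name>.+?) \(CWE ID (?P<cwe>\d+)\)\((?P<count>\d+) flaws?\):?$")
FINDING_RE = re.compile(r"^(?P<binary>\S+\.(?:dll|exe)) (?P<path>\S+) (?P<line>\d+)$")
# Assumed hand-maintained mapping of binaries to the side of the trust boundary they run on.
CLIENT_BINARIES = {"libpq.dll", "psql.exe", "clusterdb.exe", "libecpg_compat.dll"}

def parse_report(text):
    """Return (findings, declared): one dict per location row, plus each heading's count."""
    findings, declared, cwe = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADING_RE.match(line)
        if h:
            cwe = int(h["cwe"])
            declared[cwe] = (h["name"], int(h["count"]))
            continue
        f = FINDING_RE.match(line)
        if f and cwe is not None:  # description lines match neither pattern and are skipped
            findings.append({"cwe": cwe, "binary": f["binary"], "path": f["path"], "line": int(f["line"]),
                             "side": "client" if f["binary"] in CLIENT_BINARIES else "server"})
    return findings, declared

def distinct_locations(findings):
    """Collapse to (cwe, path, line): one source line hit via several binaries is one item."""
    groups = defaultdict(set)
    for f in findings:
        groups[(f["cwe"], f["path"], f["line"])].add(f["binary"])
    return {k: sorted(v) for k, v in groups.items()}

def count_mismatches(findings, declared):
    """CWEs whose declared flaw count differs from the rows actually listed under them."""
    seen = defaultdict(int)
    for f in findings:
        seen[f["cwe"]] += 1
    return {c: (n, seen[c]) for c, (_, n) in declared.items() if seen[c] != n}
```

Reviewing the distinct locations rather than the raw rows is what makes the list tractable, and a count mismatch is a sign that rows were lost when the report was copied into an e-mail.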