Skip to content

Commit 793704d

Browse files
Jan WieckJan Wieck
Jan Wieck
authored and
Jan Wieck
committed
Some security checks that we've found an external value completely
when fetching toasted values. Jan
1 parent f3e5d86 commit 793704d

File tree

1 file changed

+34
-2
lines changed

1 file changed

+34
-2
lines changed

src/backend/access/heap/tuptoaster.c

+34-2
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/access/heap/tuptoaster.c,v 1.6 2000/07/06 18:22:45 wieck Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/access/heap/tuptoaster.c,v 1.7 2000/07/11 12:32:03 wieck Exp $
1212
*
1313
*
1414
* INTERFACE ROUTINES
@@ -929,9 +929,17 @@ toast_fetch_datum(varattrib *attr)
929929
Datum chunk;
930930
bool isnull;
931931

932+
char *chunks_found;
933+
char *chunks_expected;
934+
932935
ressize = attr->va_content.va_external.va_extsize;
933936
numchunks = (ressize / TOAST_MAX_CHUNK_SIZE) + 1;
934937

938+
chunks_found = palloc(numchunks);
939+
chunks_expected = palloc(numchunks);
940+
memset(chunks_found, 0, numchunks);
941+
memset(chunks_expected, 1, numchunks);
942+
935943
result = (varattrib *)palloc(ressize + VARHDRSZ);
936944
VARATT_SIZEP(result) = ressize + VARHDRSZ;
937945
if (VARATT_IS_COMPRESSED(attr))
@@ -971,7 +979,7 @@ toast_fetch_datum(varattrib *attr)
971979
heap_fetch(toastrel, SnapshotAny, &toasttup, &buffer);
972980
pfree(indexRes);
973981

974-
if (!toasttup.t_data)
982+
if (toasttup.t_data == NULL)
975983
continue;
976984
ttup = &toasttup;
977985

@@ -982,6 +990,20 @@ toast_fetch_datum(varattrib *attr)
982990
residx = (int32)heap_getattr(ttup, 2, toasttupDesc, &isnull);
983991
chunk = heap_getattr(ttup, 3, toasttupDesc, &isnull);
984992

993+
/* ----------
994+
* Some checks on the data we've found
995+
* ----------
996+
*/
997+
if (residx * TOAST_MAX_CHUNK_SIZE + VARATT_SIZE(chunk) - VARHDRSZ
998+
> ressize)
999+
elog(ERROR, "chunk data exceeds original data size for "
1000+
"toast value %d",
1001+
attr->va_content.va_external.va_valueid);
1002+
if (chunks_found[residx]++ > 0)
1003+
elog(ERROR, "chunk %d for toast value %d appears multiple times",
1004+
residx,
1005+
attr->va_content.va_external.va_valueid);
1006+
9851007
/* ----------
9861008
* Copy the data into our result
9871009
* ----------
@@ -993,6 +1015,16 @@ toast_fetch_datum(varattrib *attr)
9931015
ReleaseBuffer(buffer);
9941016
}
9951017

1018+
/* ----------
1019+
* Final checks that we successfully fetched the datum
1020+
* ----------
1021+
*/
1022+
if (memcmp(chunks_found, chunks_expected, numchunks) != 0)
1023+
elog(ERROR, "not all toast chunks found for value %d",
1024+
attr->va_content.va_external.va_valueid);
1025+
pfree(chunks_expected);
1026+
pfree(chunks_found);
1027+
9961028
/* ----------
9971029
* End scan and close relations
9981030
* ----------

0 commit comments

Comments
 (0)