5 Commits (0f77a2d028414a616da37d0a07813dfaf61e5d5f)

Author SHA1 Message Date
Jack Christensen 20344dfae8 Check for overflow on uint16 sizes in pgproto3 2024-03-04 09:09:29 -06:00
Jack Christensen adbb38f298 Do not allow protocol messages larger than ~1GB 2024-03-04 09:09:29 -06:00
    The PostgreSQL server will reject messages greater than ~1 GB anyway.
    However, worse than that is that a message that is larger than 4 GB
    could wrap the 32-bit integer message size and be interpreted by the
    server as multiple messages. This could allow a malicious client to
    inject arbitrary protocol messages.

    https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
Jack Christensen 7f382f5190 Better fuzz testing and fix several bugs it found 2022-07-23 16:13:06 -05:00
    Fix infinite loop in AuthenticationSASL.Decode
    Fix panic in CommandComplete.Decode
    Fix panic in DataRow.Decode
    Fix panic in NotificationResponse.Decode
Jack Christensen d13f651810 Finish importing pgio as internal package 2022-02-21 14:35:20 -06:00
Jack Christensen 04476c4a13 Move pgproto3 to subdirectory 2022-02-21 11:57:34 -06:00