| From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | thomas(at)postgresql(dot)org (Thomas Lockhart) |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... |
| Date: | 2002-08-04 17:53:17 |
| Message-ID: | 87ado27boy.fsf@CERT.Uni-Stuttgart.DE |
| Lists: | pgsql-committers pgsql-hackers |

thomas(at)postgresql(dot)org (Thomas Lockhart) writes:
> Log message:
> Add guard code to protect from buffer overruns on long date/time input
> strings. Should go back in and look at doing this a bit more elegantly
> and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> shame to scan the strings twice: once for length for this buffer overrun
> protection, and once to parse the line.

Are these changes available for 7.2, too? There is at least a DoS
potential lurking here. :-(

--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
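
The commit message quoted above describes a length check done as a separate scan before parsing. The following added example (not PostgreSQL's code and not part of the original message) contrasts that guard with a single-pass variant that enforces the bound while splitting the input; the buffer size, the function names and the whitespace-only splitting are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORKBUF_LEN 32  /* hypothetical size of the parser's fixed work buffer */
#define MAX_FIELDS  8   /* hypothetical limit on fields per input string */

/* Two-scan approach: an extra strlen() pass rejects over-long input
 * before a parser would copy it into its fixed buffer. */
int input_fits(const char *s)
{
    return strlen(s) < WORKBUF_LEN;
}

/* Single-pass alternative: split on whitespace while copying, checking
 * the remaining space before every byte written.
 * Returns the number of fields, or -1 if the input does not fit. */
int split_fields(const char *s, char buf[WORKBUF_LEN], char *field[MAX_FIELDS])
{
    size_t used = 0;
    int nf = 0;

    while (*s != '\0') {
        while (isspace((unsigned char) *s))
            s++;
        if (*s == '\0')
            break;
        if (nf == MAX_FIELDS)
            return -1;                       /* too many fields */
        field[nf++] = &buf[used];
        while (*s != '\0' && !isspace((unsigned char) *s)) {
            if (used + 1 >= WORKBUF_LEN)     /* keep room for the terminator */
                return -1;
            buf[used++] = *s++;
        }
        buf[used++] = '\0';
    }
    return nf;
}

int main(void)
{
    char buf[WORKBUF_LEN], *field[MAX_FIELDS];
    const char *in = "2002-08-04 17:53:17";   /* constructed sample input */
    int n = split_fields(in, buf, field);

    printf("fits=%d fields=%d first=%s\n", input_fits(in), n, n > 0 ? field[0] : "");
    return 0;
}
```

Both functions reject the same over-long single-token inputs; the single-pass version also caps the field count and never writes past `buf`, whatever the input length.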