| From: | Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> |
|---|---|
| To: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
| Cc: | thomas(at)postgresql(dot)org (Thomas Lockhart), pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... |
| Date: | 2002-08-04 22:45:46 |
| Message-ID: | 87wur6ckf9.fsf@klamath.dyndns.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> writes:
> thomas(at)postgresql(dot)org (Thomas Lockhart) writes:
> > Log message:
> > Add guard code to protect from buffer overruns on long date/time input
> > strings. Should go back in and look at doing this a bit more elegantly
> > and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> > shame to scan the strings twice: once for length for this buffer overrun
> > protection, and once to parse the line.
>
> Are these changes available for 7.2, too? There is at least a DoS
> potential lurking here. :-(
Thomas can correct me if I'm mistaken, but I believe these changes apply
to the new integer datetime code Thomas wrote earlier in the 7.3
development cycle -- i.e. there's no bug present in 7.2, or earlier CVS
code when compiled without --enable-integer-datetimes.
Cheers,
Neil
--
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2002-08-04 22:50:37 | Re: pgsql-server/src/backend catalog/pg_proc.c nod ... |
| Previous Message | Joe Conway | 2002-08-04 22:41:36 | Re: pgsql-server/src/backend catalog/pg_proc.c nod ... |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 2002-08-04 23:03:10 | Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... |
| Previous Message | Tom Lane | 2002-08-04 22:33:36 | Re: Planned simplification of catalog index updates |