| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix array overrun in ecpg's version of ParseDateTime(). |
| Date: | 2014-10-07 01:24:35 |
| Message-ID: | E1XbJVz-00011W-9A@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix array overrun in ecpg's version of ParseDateTime().
The code wrote a value into the caller's field[] array before checking
to see if there was room, which of course is backwards. Per report from
Michael Paquier.
I fixed the equivalent bug in the backend's version of this code way back
in 630684d3a130bb93, but failed to think about ecpg's copy. Fortunately
this doesn't look like it would be exploitable for anything worse than a
core dump: an external attacker would have no control over the single word
that gets written.
Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/d3cfe20c6dc498f9294d07c7803a8cc776f8db31
Modified Files
--------------
src/interfaces/ecpg/pgtypeslib/dt_common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2014-10-07 04:19:32 | pgsql: Fix typo in elog message. |
| Previous Message | Peter Eisentraut | 2014-10-07 00:33:41 | Re: pgsql: Check for GiST index tuples that don't fit on a page. |