Hi,
I was able to crash postgres 6.5.3 when I did an 'alter user' command.
After I started a debugger I found the problem in the timezone handling of
datetime (my Linux box lost its timezone information, that's how the
problem occurred).
Only 7 bytes are reserved for the timezone, without checking for boundaries.
Attached is a patch that fixes this problem and emits a NOTICE if a
timezone is encountered that is longer than MAXTZLEN bytes, like this:
template1=# alter user postgres with password postgres;
NOTICE: Invalid timezone 'Local time zone must be set--see zic manual page'
NOTICE: Invalid timezone 'Local time zone must be set--see zic manual page'
ALTER USER
I don't know whether the timezone should be reset to some predefined
constant (like "GMT") if an error like this occurs. This patch at least
directs the user in a general direction that something is wrong with his setup.
Cheers,
Jeroen
