Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... - Mailing list pgsql-hackers

From Florian Weimer
Subject Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ...
Date
Msg-id 87ado27boy.fsf@CERT.Uni-Stuttgart.DE
Responses Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ...  (Neil Conway <nconway@klamath.dyndns.org>)
List pgsql-hackers
thomas@postgresql.org (Thomas Lockhart) writes:

> Log message:
>     Add guard code to protect from buffer overruns on long date/time input
>     strings. Should go back in and look at doing this a bit more elegantly
>     and (hopefully) cheaper. Probably not too bad anyway, but it seems a
>     shame to scan the strings twice: once for length for this buffer overrun
>     protection, and once to parse the line.

Are these changes available for 7.2, too?  There is at least a DoS
potential lurking here. :-(

-- 
Florian Weimer                       Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
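
Added example, not part of the original message and not PostgreSQL's code: the quoted log message regrets scanning the input twice, once for length and once to parse. This C sketch shows the single-pass alternative, checking the bound as each byte is copied into a fixed work buffer; `split_datetime`, `WORKBUF_LEN` and `MAX_FIELDS` are hypothetical names, and the sample string is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORKBUF_LEN 64  /* hypothetical work-buffer size */
#define MAX_FIELDS  8   /* hypothetical field limit */

/*
 * Split a date/time string into lower-cased, NUL-terminated fields stored
 * back to back in work[]. The bound is checked as each byte is copied, so
 * the input is scanned once. Returns the field count, or -1 if the input
 * does not fit in work[] or has more than maxf fields.
 */
int
split_datetime(const char *in, char *work, size_t worksz,
               char **field, int maxf)
{
    size_t used = 0;
    int    nf = 0;

    while (*in != '\0')
    {
        if (isspace((unsigned char) *in))
        {
            in++;
            continue;
        }
        if (nf >= maxf)
            return -1;              /* too many fields */
        field[nf++] = work + used;
        while (*in != '\0' && !isspace((unsigned char) *in))
        {
            if (used + 1 >= worksz)
                return -1;          /* no room for this byte plus the NUL */
            work[used++] = (char) tolower((unsigned char) *in++);
        }
        work[used++] = '\0';
    }
    return nf;
}

int
main(void)
{
    char  work[WORKBUF_LEN];
    char *field[MAX_FIELDS];
    /* constructed sample input */
    int   n = split_datetime("4 Aug 2002 12:00:00", work, sizeof work,
                             field, MAX_FIELDS);

    printf("%d fields\n", n);
    return n == 4 ? 0 : 1;
}
```

On a `-1` return the contents of `work[]` are unspecified and the caller should reject the input as a whole.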

