thomas@postgresql.org (Thomas Lockhart) writes:
> Log message:
> Add guard code to protect from buffer overruns on long date/time input
> strings. Should go back in and look at doing this a bit more elegantly
> and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> shame to scan the strings twice: once for length for this buffer overrun
> protection, and once to parse the line.
Are these changes available for 7.2, too? There is at least a DoS
potential lurking here. :-(
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898