Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL - Mailing list pgsql-hackers

From Neil Conway
Subject Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL
Date
Msg-id 87fzx8nqao.fsf@mailbox.samurai.com
In response to @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL  (Sir Mordred The Traitor <mordred@s-mail.com>)
Responses Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL  (Neil Conway <neilc@samurai.com>)
Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers

Sir Mordred The Traitor <mordred@s-mail.com> writes:
> There exists a buffer overflow in a SET TIME ZONE command, that
> allows an attacker to execute malicious code.

Here's a patch for the problem. I also fixed some other potential
buffer overruns nearby, and added a little paranoia to another routine
that uses a statically sized buffer.

Thanks for the report.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC
