Re: [SECURITY] DoS attack on backend possible (was: Re: - Mailing list pgsql-hackers

From Gavin Sherry
Subject Re: [SECURITY] DoS attack on backend possible (was: Re:
Date
Msg-id Pine.LNX.4.21.0208121826110.16336-100000@linuxworld.com.au
In response to Re: [SECURITY] DoS attack on backend possible (was: Re:  (Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>)
Responses Re: [SECURITY] DoS attack on backend possible (was: Re:  (Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>)
List pgsql-hackers
On Mon, 12 Aug 2002, Florian Weimer wrote:

> Tom Lane <tgl@sss.pgh.pa.us> writes:
> 
> > Justin Clift <justin@postgresql.org> writes:
> >> Am I understanding this right:
> >>  - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain
> >> date values which would be accepted by standard "front end" parsing? 
> >
> > AFAIK it's a buffer overrun issue, so anything that looks like a
> > reasonable date would *not* cause the problem.
> 
> Yes, but if you just check that the date given by the user matches the
> regular expression "[0-9]+-[0-9]+-[0-9]+", it's still possible to
> crash the backend.

Florian,

Anyone who is using that regular expression in an attempt to validate a
user-supplied date is already in trouble.

Gavin
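
An added illustration, not part of the original message or of PostgreSQL's code: the pattern quoted above only checks the shape of the input and puts no bound on the length of each digit run, whereas a front end can bound the length, fix the field widths and parse to a real calendar date before anything reaches the server. The fixed YYYY-MM-DD format and the names `parse_user_date`, `strict_accepts` and `MAX_LEN` are assumptions made for this example, and the sample strings are constructed.

```python
import re
from datetime import date

# Pattern quoted in the thread: a shape check with unbounded digit runs.
LOOSE = re.compile(r"[0-9]+-[0-9]+-[0-9]+")

# Assumed stricter policy (not from the thread): ISO YYYY-MM-DD, fixed widths.
STRICT = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
MAX_LEN = 10  # len("YYYY-MM-DD")


def loose_accepts(text: str) -> bool:
    """True if the thread's pattern matches the whole string."""
    return LOOSE.fullmatch(text) is not None


def parse_user_date(text: str) -> date:
    """Return a datetime.date or raise ValueError; raw text is never forwarded."""
    if not isinstance(text, str):
        raise ValueError("date must be a string")
    if len(text) > MAX_LEN:  # bound the size before doing any other work
        raise ValueError("date too long")
    if STRICT.fullmatch(text) is None:
        raise ValueError("expected YYYY-MM-DD")
    year, month, day = (int(part) for part in text.split("-"))
    # date() rejects impossible values such as month 13 or 30 February.
    return date(year, month, day)


def strict_accepts(text: str) -> bool:
    """Boolean wrapper around parse_user_date for side-by-side comparison."""
    try:
        parse_user_date(text)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed samples: valid, impossible day, short fields, overlong field.
    samples = ["2002-08-12", "2002-02-30", "1-1-1", "9" * 500 + "-1-1"]
    for s in samples:
        shown = s if len(s) <= 12 else s[:12] + "..."
        print(f"{shown:<16} loose={loose_accepts(s)!s:<5} strict={strict_accepts(s)}")
```

The value returned by `parse_user_date` is what should be handed to the database driver as a bound parameter, so the server only ever sees a date the client has already parsed.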


