Thread: more buffer paranoia

more buffer paranoia

From
Neil Conway
Date:
This patch adds length checking for a bunch of instances in the
backend where a statically sized buffer is written to. Most of these
should be pretty safe in practice, but it's probably better to be safe
than sorry.

I was actually looking for cases where NAMEDATALEN is assumed to be
32, but only found one. That's fixed too, as well as a few bits of
code cleanup.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

Attachment

Re: more buffer paranoia

From
Bruce Momjian
Date:
Your patch has been added to the PostgreSQL unapplied patches list at:

    http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------


Neil Conway wrote:
> This patch adds length checking for a bunch of instances in the
> backend where a statically sized buffer is written to. Most of these
> should be pretty safe in practice, but it's probably better to be safe
> than sorry.
>
> I was actually looking for cases where NAMEDATALEN is assumed to be
> 32, but only found one. That's fixed too, as well as a few bits of
> code cleanup.
>
> Cheers,
>
> Neil
>
> --
> Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: more buffer paranoia

From
Bruce Momjian
Date:
Patch applied.  Thanks.

---------------------------------------------------------------------------


Neil Conway wrote:
> This patch adds length checking for a bunch of instances in the
> backend where a statically sized buffer is written to. Most of these
> should be pretty safe in practice, but it's probably better to be safe
> than sorry.
>
> I was actually looking for cases where NAMEDATALEN is assumed to be
> 32, but only found one. That's fixed too, as well as a few bits of
> code cleanup.
>
> Cheers,
>
> Neil
>
> --
> Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073