I've backpatched Thomas's fixes for the potential buffer overruns in the datetime code to the REL7_2_STABLE branch. The required changes are pretty minimal, and the code passes the regression tests.
However, I haven't yet seen a test-case that demonstrates the buffer overrun in 7.2 code (I originally found the problem when playing with datetime on 7.3-dev with integer datetimes) -- I've tested it a little bit and it seems to work, but this patch probably requires pretty widespread testing. Cheers, Neil -- Neil Conway <[EMAIL PROTECTED]> || PGP Key ID: DB3C29FC
Index: src/backend/utils/adt/date.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/date.c,v
retrieving revision 1.64.2.1
diff -c -r1.64.2.1 date.c
*** src/backend/utils/adt/date.c 15 Mar 2002 23:37:48 -0000 1.64.2.1
--- src/backend/utils/adt/date.c 20 Aug 2002 22:10:24 -0000
***************
*** 53,58 ****
--- 53,61 ----
  int ftype[MAXDATEFIELDS];
  char lowstr[MAXDATELEN + 1];

+ if (strlen(str) >= sizeof(lowstr))
+ elog(ERROR, "Bad date external representation (too long) '%s'", str);
+
  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tzp) != 0))
  elog(ERROR, "Bad date external representation '%s'", str);
***************
*** 442,447 ****
--- 445,453 ----
  int dtype;
  int ftype[MAXDATEFIELDS];

+ if (strlen(str) >= sizeof(lowstr))
+ elog(ERROR, "Bad time external representation (too long) '%s'", str);
+
  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, NULL) != 0))
  elog(ERROR, "Bad time external representation '%s'", str);
***************
*** 950,955 ****
--- 956,965 ----
  char *field[MAXDATEFIELDS];
  int dtype;
  int ftype[MAXDATEFIELDS];
+
+ if (strlen(str) >= sizeof(lowstr))
+ elog(ERROR, "Bad time with time zone external representation"
+ " (too long) '%s'", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
Index: src/backend/utils/adt/nabstime.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/nabstime.c,v
retrieving revision 1.91
diff -c -r1.91 nabstime.c
*** src/backend/utils/adt/nabstime.c 25 Oct 2001 05:49:44 -0000 1.91
--- src/backend/utils/adt/nabstime.c 20 Aug 2002 22:10:24 -0000
***************
*** 503,510 ****
  int nf,
  ftype[MAXDATEFIELDS];

! if (strlen(str) > MAXDATELEN)
! elog(ERROR, "Bad (length) abstime external representation '%s'", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 503,510 ----
  int nf,
  ftype[MAXDATEFIELDS];

! if (strlen(str) >= sizeof(lowstr))
! elog(ERROR, "Bad abstime external representation '%s' (too long)", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 856,863 ****
  ftype[MAXDATEFIELDS];
  char lowstr[MAXDATELEN + 1];

! if (strlen(str) > MAXDATELEN)
! elog(ERROR, "Bad (length) reltime external representation '%s'", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateDelta(field, ftype, nf, &dtype, tm, &fsec) != 0))
--- 856,863 ----
  ftype[MAXDATEFIELDS];
  char lowstr[MAXDATELEN + 1];

! if (strlen(str) >= sizeof(lowstr))
! elog(ERROR, "Bad reltime external representation '%s' (too long)", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateDelta(field, ftype, nf, &dtype, tm, &fsec) != 0))
Index: src/backend/utils/adt/timestamp.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/timestamp.c,v
retrieving revision 1.62.2.1
diff -c -r1.62.2.1 timestamp.c
*** src/backend/utils/adt/timestamp.c 5 Mar 2002 03:45:43 -0000 1.62.2.1
--- src/backend/utils/adt/timestamp.c 20 Aug 2002 22:10:24 -0000
***************
*** 61,67 ****
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + 1];

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 61,70 ----
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + MAXDATEFIELDS];
!
! if (strlen(str) >= sizeof(lowstr))
! elog(ERROR, "Bad timestamp external representation (too long) '%s'", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 185,191 ****
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + 1];

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 188,198 ----
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + MAXDATEFIELDS];
!
! if (strlen(str) >= sizeof(lowstr))
! elog(ERROR, "Bad timestamp with time zone"
! " external representation (too long) '%s'", str);

  if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 293,299 ****
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + 1];

  tm->tm_year = 0;
  tm->tm_mon = 0;
--- 300,309 ----
  int nf;
  char *field[MAXDATEFIELDS];
  int ftype[MAXDATEFIELDS];
! char lowstr[MAXDATELEN + MAXDATEFIELDS];
!
! if (strlen(str) >= sizeof(lowstr))
! elog(ERROR, "Bad interval external representation (too long) '%s'", str);

  tm->tm_year = 0;
  tm->tm_mon = 0;
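Review bot: In the first timestamp.c hunk (new lines 61–70) the guard `if (strlen(str) >= sizeof(lowstr))` is measured against the enlarged buffer, so the `MAXDATEFIELDS` bytes of headroom just added to `lowstr` are handed straight back to the input. ParseDateTime is not shown, but the resize suggests it can write more bytes into `lowstr` than it reads from `str` (presumably one terminator per field); if so, the input bound should stay at `if (strlen(str) > MAXDATELEN)` while the buffer is `MAXDATELEN + MAXDATEFIELDS`. The same applies to the other two timestamp.c hunks, and the date.c and nabstime.c hunks have no headroom at all, since the declarations visible there are still `char lowstr[MAXDATELEN + 1];`. The enclosing function starts and ends outside the hunk.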
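Review bot: The too-long message in the second timestamp.c hunk (new lines 188–198) formats the rejected input with an unbounded `'%s'`, at the one point where the code has just established that `str` is larger than expected. The whole string therefore ends up in whatever elog emits; its destinations are not visible here. Assuming elog's formatter accepts a precision, capping the echo with `" external representation (too long) '%.*s...'", MAXDATELEN, str);` keeps the message useful without reproducing the entire input. The other seven new "(too long)" messages in this patch have the same shape.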
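Review bot: The length guard in the third timestamp.c hunk (new lines 300–309) is the eighth open-coded copy of the same check in this patch, and each copy has to stay in step with its own local `lowstr` declaration. The call shown in the other hunks, `ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf)`, carries no buffer size, so nothing visible here protects a caller that omits the guard. Passing `sizeof(lowstr)` into ParseDateTime and bounding the writes there would enforce the limit where the copy happens; that changes a shared signature, so it may belong on the development branch rather than in this backpatch. The message wording also differs between files (`(too long) '%s'` here and in date.c, `'%s' (too long)` in nabstime.c) and could be made uniform.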