Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)

Neil Conway <neilc@samurai.com>

From: Neil Conway <neilc@samurai.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Neil Conway <neilc@samurai.com>, Vince Vielhaber <vev@michvhf.com>, pgsql-hackers@postgresql.org
Date: 2002-08-20T20:54:23Z
Lists: pgsql-hackers

Attachments

Tom Lane <tgl@sss.pgh.pa.us> writes:
> Neil Conway <neilc@samurai.com> writes:
> > + 	/* Check for integer overflow */
> > + 	if (tlen / slen != count)
> > + 		elog(ERROR, "Requested buffer is too large.");
> 
> What about slen == 0?

Good point -- that wouldn't cause incorrect results or a security
problem, but it would reject input that we should really accept.

Revised patch is attached.

Cheers,

Neil

-- 
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC