Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)
Neil Conway <neilc@samurai.com>
From: Neil Conway <neilc@samurai.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Neil Conway <neilc@samurai.com>, Vince Vielhaber <vev@michvhf.com>, pgsql-hackers@postgresql.org
Date: 2002-08-20T20:54:23Z
Lists: pgsql-hackers
Attachments
- repeat_fix-2.patch (text/x-patch) patch
Tom Lane <tgl@sss.pgh.pa.us> writes: > Neil Conway <neilc@samurai.com> writes: > > + /* Check for integer overflow */ > > + if (tlen / slen != count) > > + elog(ERROR, "Requested buffer is too large."); > > What about slen == 0? Good point -- that wouldn't cause incorrect results or a security problem, but it would reject input that we should really accept. Revised patch is attached. Cheers, Neil -- Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC