Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ...
Florian Weimer <weimer@cert.uni-stuttgart.de>
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
To: thomas@postgresql.org (Thomas Lockhart)
Cc: pgsql-hackers@postgresql.org
Date: 2002-08-04T17:53:17Z
Lists: pgsql-hackers
thomas@postgresql.org (Thomas Lockhart) writes:

> Log message:
> Add guard code to protect from buffer overruns on long date/time input
> strings. Should go back in and look at doing this a bit more elegantly
> and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> shame to scan the strings twice: once for length for this buffer overrun
> protection, and once to parse the line.

Are these changes available for 7.2, too? There is at least a DoS
potential lurking here. :-(

--
Florian Weimer                    Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
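The trade-off raised in the quoted log message (one scan for length, a second to parse), shown as an added example that is not part of the original message and is not PostgreSQL's code. `WORKBUF_LEN`, `MAX_FIELDS`, `split_fields` and `parse_two_pass` are hypothetical names and sizes chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORKBUF_LEN 32  /* assumed size of the fixed work buffer */
#define MAX_FIELDS  4   /* assumed maximum number of fields */

/* Single pass: lower-case the input into buf and split it on whitespace,
 * checking the bound as each byte is stored. Returns the field count,
 * or -1 if the input does not fit. */
int split_fields(const char *in, char *buf, size_t buflen,
                 char **field, int maxf)
{
    size_t used = 0;
    int nf = 0;

    while (*in != '\0') {
        while (isspace((unsigned char) *in))
            in++;
        if (*in == '\0')
            break;
        if (nf >= maxf)
            return -1;              /* too many fields */
        field[nf++] = buf + used;
        while (*in != '\0' && !isspace((unsigned char) *in)) {
            if (used + 1 >= buflen)
                return -1;          /* no room for this byte plus its NUL */
            buf[used++] = (char) tolower((unsigned char) *in++);
        }
        buf[used++] = '\0';
    }
    return nf;
}

/* Two passes: strlen() walks the whole input once as the overrun guard,
 * then the parser walks it again. */
int parse_two_pass(const char *in, char *buf, char **field)
{
    if (strlen(in) >= WORKBUF_LEN)
        return -1;
    return split_fields(in, buf, WORKBUF_LEN, field, MAX_FIELDS);
}

int main(void)
{
    char buf[WORKBUF_LEN], *f[MAX_FIELDS];
    int n = split_fields("2002-08-04 17:53:17 UTC", buf, sizeof buf, f, MAX_FIELDS);
    printf("%d fields, last=%s\n", n, n > 0 ? f[n - 1] : "");
    return 0;
}
```

The single-pass form bounds the bytes actually stored, so it can accept input padded with whitespace that the length pre-check would reject.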