Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ...

Florian Weimer <weimer@cert.uni-stuttgart.de>

From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
To: thomas@postgresql.org (Thomas Lockhart)
Cc: pgsql-hackers@postgresql.org
Date: 2002-08-04T17:53:17Z
Lists: pgsql-hackers

thomas@postgresql.org (Thomas Lockhart) writes:

> Log message:
> 	Add guard code to protect from buffer overruns on long date/time input
> 	strings. Should go back in and look at doing this a bit more elegantly
> 	and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> 	shame to scan the strings twice: once for length for this buffer overrun
> 	protection, and once to parse the line.

Are these changes available for 7.2, too?  There is at least a DoS
potential lurking here. :-(

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
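
The log message quoted above describes a length guard in front of the date/time parser and regrets scanning each string twice. The following added example (not PostgreSQL's code and not from either poster) shows one way to fold the bound check into the scan itself; `split_datetime`, `WORKBUF_LEN` and `MAX_FIELDS` are hypothetical names and sizes, and the input strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WORKBUF_LEN 64  /* hypothetical size of the parser's fixed work buffer */
#define MAX_FIELDS  8   /* hypothetical cap on fields in one input string */

/*
 * Split `in` into lower-cased, NUL-terminated fields stored back to back in
 * `work`. The bound is checked as each byte is copied, so the input is
 * scanned once and reading stops as soon as it cannot fit.
 * Returns the number of fields, or -1 if the input is too long.
 */
int split_datetime(const char *in, char work[WORKBUF_LEN],
                   char *field[MAX_FIELDS])
{
    size_t used = 0;
    int nf = 0;

    for (;;) {
        while (isspace((unsigned char) *in))
            in++;
        if (*in == '\0')
            return nf;
        if (nf == MAX_FIELDS)
            return -1;                      /* too many fields */
        field[nf++] = &work[used];
        while (*in != '\0' && !isspace((unsigned char) *in)) {
            if (used + 1 >= WORKBUF_LEN)
                return -1;                  /* no room left for byte + NUL */
            work[used++] = (char) tolower((unsigned char) *in++);
        }
        work[used++] = '\0';
    }
}

int main(void)
{
    char work[WORKBUF_LEN], *field[MAX_FIELDS];
    char huge[4096];                        /* constructed oversized input */

    memset(huge, '9', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    printf("%d\n", split_datetime("2002-08-04 17:53:17 UTC", work, field));
    printf("%d\n", split_datetime(huge, work, field));
    return 0;
}
```

On rejection the contents of `work` and `field` are unspecified, so a caller must check the return value before using either.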