Re: [SECURITY] DoS attack on backend possible (was: Re:

Christopher Kings-Lynne <chriskl@familyhealth.com.au>

From: "Christopher Kings-Lynne" <chriskl@familyhealth.com.au>
To: "Tom Lane" <tgl@sss.pgh.pa.us>, "Justin Clift" <justin@postgresql.org>
Cc: "Florian Weimer" <Weimer@CERT.Uni-Stuttgart.DE>, <pgsql-hackers@postgresql.org>
Date: 2002-08-12T02:25:18Z
Lists: pgsql-hackers
> Justin Clift <justin@postgresql.org> writes:
> > Am I understanding this right:
> >  - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain
> > date values which would be accepted by standard "front end" parsing?
>
> AFAIK it's a buffer overrun issue, so anything that looks like a
> reasonable date would *not* cause the problem.

Still, I believe this should require a 7.2.2 release.  Imagine a university
database server for a course for example - the students would just crash it
all the time.

Chris