From: Neil Conway <neilc@samurai.com>
Date: Thu, 27 Jan 2005 01:52:34 +0000 (+0000)
Subject: Backpatch fix for buffer overrun in parsing refcursor parameters to
X-Git-Tag: REL7_2_7~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9eeeb9809ed1da35915b7cde0f73620f5025dd91;p=thirdparty%2Fpostgresql.git

Backpatch fix for buffer overrun in parsing refcursor parameters to
REL7_2_STABLE.
---

diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index b3a86236e5a..725f12f1d32 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
  *						  procedural language
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.1 2002/05/21 18:50:18 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.2 2005/01/27 01:52:34 neilc Exp $
  *
  *	  This software is copyrighted by Jan Wieck - Hamburg.
  *
@@ -476,6 +476,10 @@ decl_cursor_arglist : decl_cursor_arg
 					{
 						int i = $1->nfields++;
 
+						/* Guard against overflowing the array on malicious input */
+						if (i >= 1024)
+							yyerror("too many parameters specified for refcursor");
+
 						$1->fieldnames[i] = $3->refname;
 						$1->varnos[i] = $3->varno;