From: Noah Misch Date: Wed, 12 Jun 2013 23:49:50 +0000 (-0400) Subject: Don't use ordinary NULL-terminated strings as Name datums. X-Git-Tag: REL9_3_BETA2~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ff53890f687c7f6b2a10db6661e9c32faf832636;p=thirdparty%2Fpostgresql.git Don't use ordinary NULL-terminated strings as Name datums. Consumers are entitled to read the full 64 bytes pertaining to a Name; using a shorter NULL-terminated string leads to reading beyond the end its allocation; a SIGSEGV is possible. Use the frequent idiom of copying to a NameData on the stack. New in 9.3, so no back-patch. --- diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c index 178c97949dc..bb6c1a46606 100644 --- a/src/backend/commands/alter.c +++ b/src/backend/commands/alter.c @@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) Datum *values; bool *nulls; bool *replaces; + NameData nameattrdata; oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId)); if (!HeapTupleIsValid(oldtup)) @@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum)); nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); - values[Anum_name - 1] = PointerGetDatum(new_name); + namestrcpy(&nameattrdata, new_name); + values[Anum_name - 1] = NameGetDatum(&nameattrdata); replaces[Anum_name - 1] = true; newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel), values, nulls, replaces); diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c index a0f97e460e6..328e2a89524 100644 --- a/src/backend/commands/event_trigger.c +++ b/src/backend/commands/event_trigger.c 
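Review bot: The new `namestrcpy(&nameattrdata, new_name);` in AlterObjectRename_internal has no comment saying why the copy is needed, so a later cleanup could fold it back into `PointerGetDatum(new_name)` and reintroduce the over-read the commit message describes. I would add above it `/* A Name datum must point at a full NameData; readers may touch all of its bytes, not just up to the terminator. */`. The same comment fits the two `namestrcpy` calls added to insert_event_trigger_tuple in event_trigger.c. The datum now points at a stack local, which is safe here presumably because `heap_modify_tuple` (last context line of the hunk) copies the value before the function returns, and the comment could say so. The function body starts and ends outside the hunk.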
@@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner, HeapTuple tuple; Datum values[Natts_pg_trigger]; bool nulls[Natts_pg_trigger]; + NameData evtnamedata, + evteventdata; ObjectAddress myself, referenced; @@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner, /* Build the new pg_trigger tuple. */ memset(nulls, false, sizeof(nulls)); - values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname); - values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname); + namestrcpy(&evtnamedata, trigname); + values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata); + namestrcpy(&evteventdata, eventname); + values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata); values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner); values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid); values[Anum_pg_event_trigger_evtenabled - 1] =
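Review bot: In insert_event_trigger_tuple the `values` and `nulls` arrays in this hunk's context are sized with `Natts_pg_trigger`, while every index used on them is an `Anum_pg_event_trigger_*` constant. The two catalogs' attribute counts are not visible here, so this may only over-allocate, but an array bound taken from a different catalog than its indices becomes a latent out-of-bounds write if either definition changes. Since this commit already touches the datum setup, I would switch both declarations to `Datum values[Natts_pg_event_trigger];` and `bool nulls[Natts_pg_event_trigger];`. The function continues past the end of the hunk.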