git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Noah Misch <noah@leadboat.com>
	Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committer	Noah Misch <noah@leadboat.com>
	Mon, 17 Feb 2014 14:33:37 +0000 (09:33 -0500)
commit	6a10e57b0f79678243f42e2a6033723975aa8530
tree	283fa5e67aa93a550a48806d609580d5bcea3485	tree \| snapshot
parent	b5c574399ee7306bee3650f0907a07e42be82b33	commit \| diff

Fix handling of wide datetime input/output.

Many server functions use the MAXDATELEN constant to size a buffer for
parsing or displaying a datetime value.  It was much too small for the
longest possible interval output and slightly too small for certain
valid timestamp input, particularly input with a long timezone name.
The long input was rejected needlessly; the long output caused
interval_out() to overrun its buffer.  ECPG's pgtypes library has a copy
of the vulnerable functions, which bore the same vulnerabilities along
with some of its own.  In contrast to the server, certain long inputs
caused stack overflow rather than failing cleanly.  Back-patch to 8.4
(all supported versions).

Reported by Daniel Schüssler, reviewed by Tom Lane.

Security: CVE-2014-0063

src/include/utils/datetime.h		diff \| blob \| blame \| history
src/interfaces/ecpg/pgtypeslib/datetime.c		diff \| blob \| blame \| history
src/interfaces/ecpg/pgtypeslib/dt.h		diff \| blob \| blame \| history
src/interfaces/ecpg/pgtypeslib/dt_common.c		diff \| blob \| blame \| history
src/interfaces/ecpg/pgtypeslib/interval.c		diff \| blob \| blame \| history
src/interfaces/ecpg/pgtypeslib/timestamp.c		diff \| blob \| blame \| history
src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c		diff \| blob \| blame \| history
src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.stdout		diff \| blob \| blame \| history
src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc		diff \| blob \| blame \| history
src/test/regress/expected/interval.out		diff \| blob \| blame \| history
src/test/regress/sql/interval.sql		diff \| blob \| blame \| history