OSSForks/postgres
1
0
Fork 0
mirror of https://github.com/zebrajr/postgres.git synced 2025-12-07 12:20:31 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Apply Neil Conway's security patches to 7.2.X.

Browse Source
This commit is contained in:
Bruce Momjian 2002-08-22 05:27:41 +00:00
parent 76fc795e5c
commit cd9f392cd0
5 changed files with 72 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/backend/commands/variable.c
View File

@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.57 2001/12/09 04:37:50 thomas Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.57.2.1 2002/08/22 05:27:41 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -274,26 +274,26 @@ static bool
show_datestyle(void)
{
char buf[64];
char *dstyle;
strcpy(buf, "DateStyle is ");
switch (DateStyle)
{
case USE_ISO_DATES:
strcat(buf, "ISO");
dstyle = "ISO";
break;
case USE_SQL_DATES:
strcat(buf, "SQL");
dstyle = "SQL";
break;
case USE_GERMAN_DATES:
strcat(buf, "German");
dstyle = "German";
break;
default:
strcat(buf, "Postgres");
dstyle = "Postgres";
break;
};
strcat(buf, " with ");
strcat(buf, ((EuroDates) ? "European" : "US (NonEuropean)"));
strcat(buf, " conventions");
}
snprintf(buf, sizeof(buf), "DateStyle is %s with %s conventions",
dstyle, EuroDates ? "European" : "US (NonEuropean");
elog(NOTICE, buf, NULL);
@ -442,15 +442,14 @@ parse_timezone(List *args)
{
/* found something? then save it for later */
if ((defaultTZ = getenv("TZ")) != NULL)
strcpy(TZvalue, defaultTZ);
strncpy(TZvalue, defaultTZ, sizeof(TZvalue));
/* found nothing so mark with an invalid pointer */
else
defaultTZ = (char *) -1;
}
strcpy(tzbuf, "TZ=");
strcat(tzbuf, tok);
snprintf(tzbuf, sizeof(tzbuf), "TZ=%s", tok);
if (putenv(tzbuf) != 0)
elog(ERROR, "Unable to set TZ environment variable to %s", tok);
@ -513,8 +512,7 @@ reset_timezone(void)
/* time zone was set and original explicit time zone available? */
else if (defaultTZ != (char *) -1)
{
strcpy(tzbuf, "TZ=");
strcat(tzbuf, TZvalue);
snprintf(tzbuf, sizeof(tzbuf), "TZ=%s", TZvalue);
if (putenv(tzbuf) != 0)
elog(ERROR, "Unable to set TZ environment variable to %s", TZvalue);
tzset();

12
src/backend/utils/adt/date.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.64.2.1 2002/03/15 23:37:48 thomas Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.64.2.2 2002/08/22 05:27:41 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -53,6 +53,9 @@ date_in(PG_FUNCTION_ARGS)
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad date external representation (too long) '%s'", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tzp) != 0))
elog(ERROR, "Bad date external representation '%s'", str);
@ -442,6 +445,9 @@ time_in(PG_FUNCTION_ARGS)
int dtype;
int ftype[MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad time external representation (too long) '%s'", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, NULL) != 0))
elog(ERROR, "Bad time external representation '%s'", str);
@ -951,6 +957,10 @@ timetz_in(PG_FUNCTION_ARGS)
int dtype;
int ftype[MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad time with time zone external representation"
" (too long) '%s'", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
elog(ERROR, "Bad time external representation '%s'", str);

26
src/backend/utils/adt/nabstime.c
View File

@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.91 2001/10/25 05:49:44 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.91.2.1 2002/08/22 05:27:41 momjian Exp $
*
* NOTES
*
@ -145,21 +145,21 @@ GetCurrentAbsoluteTime(void)
* XXX is there a better way to get local timezone string w/o
* tzname? - tgl 97/03/18
*/
strftime(CTZName, MAXTZLEN, "%Z", tm);
strftime(CTZName, MAXTZLEN + 1, "%Z", tm);
#endif
/*
* XXX FreeBSD man pages indicate that this should work - thomas
* 1998-12-12
*/
strcpy(CTZName, tm->tm_zone);
StrNCpy(CTZName, tm->tm_zone, MAXTZLEN + 1);
#elif defined(HAVE_INT_TIMEZONE)
tm = localtime(&now);
CDayLight = tm->tm_isdst;
CTimeZone = ((tm->tm_isdst > 0) ? (TIMEZONE_GLOBAL - 3600) : TIMEZONE_GLOBAL);
strcpy(CTZName, tzname[tm->tm_isdst]);
StrNCpy(CTZName, tzname[tm->tm_isdst], MAXTZLEN + 1);
#else /* neither HAVE_TM_ZONE nor
* HAVE_INT_TIMEZONE */
CTimeZone = tb.timezone * 60;
@ -169,7 +169,7 @@ GetCurrentAbsoluteTime(void)
* XXX does this work to get the local timezone string in V7? -
* tgl 97/03/18
*/
strftime(CTZName, MAXTZLEN, "%Z", localtime(&now));
strftime(CTZName, MAXTZLEN + 1, "%Z", localtime(&now));
#endif
}
@ -227,21 +227,21 @@ GetCurrentAbsoluteTimeUsec(int *usec)
* XXX is there a better way to get local timezone string w/o
* tzname? - tgl 97/03/18
*/
strftime(CTZName, MAXTZLEN, "%Z", tm);
strftime(CTZName, MAXTZLEN + 1, "%Z", tm);
#endif
/*
* XXX FreeBSD man pages indicate that this should work - thomas
* 1998-12-12
*/
strcpy(CTZName, tm->tm_zone);
StrNCpy(CTZName, tm->tm_zone, MAXTZLEN + 1);
#elif defined(HAVE_INT_TIMEZONE)
tm = localtime(&now);
CDayLight = tm->tm_isdst;
CTimeZone = ((tm->tm_isdst > 0) ? (TIMEZONE_GLOBAL - 3600) : TIMEZONE_GLOBAL);
strcpy(CTZName, tzname[tm->tm_isdst]);
StrNCpy(CTZName, tzname[tm->tm_isdst], MAXTZLEN + 1);
#else /* neither HAVE_TM_ZONE nor
* HAVE_INT_TIMEZONE */
CTimeZone = tb.timezone * 60;
@ -251,7 +251,7 @@ GetCurrentAbsoluteTimeUsec(int *usec)
* XXX does this work to get the local timezone string in V7? -
* tgl 97/03/18
*/
strftime(CTZName, MAXTZLEN, "%Z", localtime(&now));
strftime(CTZName, MAXTZLEN + 1, "%Z", localtime(&now));
#endif
};
@ -503,8 +503,8 @@ nabstimein(PG_FUNCTION_ARGS)
int nf,
ftype[MAXDATEFIELDS];
if (strlen(str) > MAXDATELEN)
elog(ERROR, "Bad (length) abstime external representation '%s'", str);
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad abstime external representation '%s' (too long)", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@ -856,8 +856,8 @@ reltimein(PG_FUNCTION_ARGS)
ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
if (strlen(str) > MAXDATELEN)
elog(ERROR, "Bad (length) reltime external representation '%s'", str);
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad reltime external representation '%s' (too long)", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeDateDelta(field, ftype, nf, &dtype, tm, &fsec) != 0))

22
src/backend/utils/adt/oracle_compat.c
View File

@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.37 2002/01/08 17:03:41 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.37.2.1 2002/08/22 05:27:41 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -199,6 +199,11 @@ lpad(PG_FUNCTION_ARGS)
#ifdef MULTIBYTE
bytelen = pg_database_encoding_max_length() * len;
/* check for integer overflow */
if (len != 0 && bytelen / pg_database_encoding_max_length() != len)
elog(ERROR, "Requested length too large");
ret = (text *) palloc(VARHDRSZ + bytelen);
#else
ret = (text *) palloc(VARHDRSZ + len);
@ -310,6 +315,11 @@ rpad(PG_FUNCTION_ARGS)
#ifdef MULTIBYTE
bytelen = pg_database_encoding_max_length() * len;
/* Check for integer overflow */
if (len != 0 && bytelen / pg_database_encoding_max_length() != len)
elog(ERROR, "Requested length too large");
ret = (text *) palloc(VARHDRSZ + bytelen);
#else
ret = (text *) palloc(VARHDRSZ + len);
@ -997,6 +1007,16 @@ repeat(PG_FUNCTION_ARGS)
slen = (VARSIZE(string) - VARHDRSZ);
tlen = (VARHDRSZ + (count * slen));
/* Check for integer overflow */
if (slen != 0 && count != 0)
{
int check = count * slen;
int check2 = check + VARHDRSZ;
if ((check / slen) != count || check2 <= check)
elog(ERROR, "Requested buffer is too large.");
}
result = (text *) palloc(tlen);
VARATT_SIZEP(result) = tlen;

18
src/backend/utils/adt/timestamp.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.62.2.1 2002/03/05 03:45:43 ishii Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.62.2.2 2002/08/22 05:27:41 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -61,7 +61,10 @@ timestamp_in(PG_FUNCTION_ARGS)
int nf;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad timestamp external representation (too long) '%s'", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@ -185,7 +188,11 @@ timestamptz_in(PG_FUNCTION_ARGS)
int nf;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad timestamp with time zone"
" external representation (too long) '%s'", str);
if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
|| (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
@ -293,7 +300,10 @@ interval_in(PG_FUNCTION_ARGS)
int nf;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
elog(ERROR, "Bad interval external representation (too long) '%s'", str);
tm->tm_year = 0;
tm->tm_mon = 0;