mirror of
https://github.com/zebrajr/postgres.git
synced 2025-12-08 07:38:44 +01:00
69d2bc14ad
Coverity identified a number of places in which it couldn't prove that a string being copied into a fixed-size buffer would fit. We believe that most, perhaps all of these are in fact safe, or are copying data that is coming from a trusted source so that any overrun is not really a security issue. Nonetheless it seems prudent to forestall any risk by using strlcpy() and similar functions. Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports. In addition, fix a potential null-pointer-dereference crash in contrib/chkpass. The crypt(3) function is defined to return NULL on failure, but chkpass.c didn't check for that before using the result. The main practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). This ideally should've been a separate commit, but since it touches code adjacent to one of the buffer overrun changes, I included it in this commit to avoid last-minute merge issues. This issue was reported by Honza Horak. Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt() |
||
|---|---|---|
| .. | ||
| adminpack | ||
| auto_explain | ||
| btree_gin | ||
| btree_gist | ||
| chkpass | ||
| citext | ||
| cube | ||
| dblink | ||
| dict_int | ||
| dict_xsyn | ||
| earthdistance | ||
| fuzzystrmatch | ||
| hstore | ||
| intagg | ||
| intarray | ||
| isn | ||
| lo | ||
| ltree | ||
| oid2name | ||
| pageinspect | ||
| pg_buffercache | ||
| pg_freespacemap | ||
| pg_standby | ||
| pg_stat_statements | ||
| pg_trgm | ||
| pgbench | ||
| pgcrypto | ||
| pgrowlocks | ||
| pgstattuple | ||
| seg | ||
| spi | ||
| sslinfo | ||
| start-scripts | ||
| tablefunc | ||
| test_parser | ||
| tsearch2 | ||
| uuid-ossp | ||
| vacuumlo | ||
| xml2 | ||
| contrib-global.mk | ||
| Makefile | ||
| README | ||
The PostgreSQL contrib tree
---------------------------
This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly because
they address a limited audience or are too experimental to be part of
the main source tree. This does not preclude their usefulness.
User documentation for each module appears in the main SGML documentation.
Most items can be built with `gmake all' and installed with
`gmake install' in the usual fashion, after you have run the `configure'
script in the top-level directory. Some directories supply new
user-defined functions, operators, or types. In these cases, after you have
installed the files you need to register the new entities in the database
system by running the commands in the supplied .sql file. For example,
$ psql -d dbname -f module.sql
See the PostgreSQL documentation for more information about this
procedure.
Index:
------
adminpack -
File and log manipulation routines, used by pgAdmin
by Dave Page <dpage@vale-housing.co.uk>
auto_explain -
Log EXPLAIN output for long-running queries
by Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
btree_gin -
Support for emulating BTREE indexing in GIN
by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>
btree_gist -
Support for emulating BTREE indexing in GiST
by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>
chkpass -
An auto-encrypted password datatype
by D'Arcy J.M. Cain <darcy@druid.net>
citext -
A case-insensitive character string datatype
by David E. Wheeler <david@kineticode.com>
cube -
Multidimensional-cube datatype (GiST indexing example)
by Gene Selkov, Jr. <selkovjr@mcs.anl.gov>
dblink -
Allows remote query execution
by Joe Conway <mail@joeconway.com>
dict_int -
Text search dictionary template for integers
by Sergey Karpov <karpov@sao.ru>
dict_xsyn -
Text search dictionary template for extended synonym processing
by Sergey Karpov <karpov@sao.ru>
earthdistance -
Functions for computing distances between two points on Earth
by Bruno Wolff III <bruno@wolff.to> and Hal Snyder <hal@vailsys.com>
fuzzystrmatch -
Levenshtein, metaphone, and soundex fuzzy string matching
by Joe Conway <mail@joeconway.com> and Joel Burton <jburton@scw.org>
hstore -
Module for storing (key, value) pairs
by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>
intagg -
Integer aggregator
by mlw <markw@mohawksoft.com>
intarray -
Index support for arrays of int4, using GiST
by Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>
isn -
PostgreSQL type extensions for ISBN, ISSN, ISMN, EAN13 product numbers
by Germ<72>n M<>ndez Bravo (Kronuz) <kronuz@hotmail.com>
lo -
Large Object maintenance
by Peter Mount <peter@retep.org.uk>
ltree -
Tree-like data structures
by Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>
oid2name -
Maps numeric files to table names
by B Palmer <bpalmer@crimelabs.net>
pageinspect -
Allows inspection of database pages
Heikki Linnakangas <heikki@enterprisedb.com>
pg_buffercache -
Real time queries on the shared buffer cache
by Mark Kirkwood <markir@paradise.net.nz>
pg_freespacemap -
Displays the contents of the free space map (FSM)
by Mark Kirkwood <markir@paradise.net.nz>
pg_standby -
Sample archive_command for warm standby operation
by Simon Riggs <simon@2ndquadrant.com>
pg_stat_statements -
Track statement execution times across a whole database cluster
by Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
pg_trgm -
Functions for determining the similarity of text based on trigram
matching.
by Oleg Bartunov <oleg@sai.msu.su> and Teodor Sigaev <teodor@sigaev.ru>
pgbench -
TPC-B like benchmarking tool
by Tatsuo Ishii <ishii@sraoss.co.jp>
pgcrypto -
Cryptographic functions
by Marko Kreen <marko@l-t.ee>
pgrowlocks -
A function to return row locking information
by Tatsuo Ishii <ishii@sraoss.co.jp>
pgstattuple -
Functions to return statistics about "dead" tuples and free
space within a table
by Tatsuo Ishii <ishii@sraoss.co.jp>
seg -
Confidence-interval datatype (GiST indexing example)
by Gene Selkov, Jr. <selkovjr@mcs.anl.gov>
spi -
Various trigger functions, examples for using SPI.
sslinfo -
Functions to get information about SSL certificates
by Victor Wagner <vitus@cryptocom.ru>
start-scripts -
Scripts for starting the server at boot time on various platforms.
tablefunc -
Examples of functions returning tables
by Joe Conway <mail@joeconway.com>
test_parser -
Sample text search parser
by Sergey Karpov <karpov@sao.ru>
tsearch2 -
Compatibility package for the pre-8.3 implementation of text search.
Pavel Stehule <pavel.stehule@gmail.com>, based on code originally by
Teodor Sigaev <teodor@sigaev.ru> and Oleg Bartunov <oleg@sai.msu.su>.
uuid-ossp -
UUID generation functions
by Peter Eisentraut <peter_e@gmx.net>
vacuumlo -
Remove orphaned large objects
by Peter T Mount <peter@retep.org.uk>
xml2 -
Storing XML in PostgreSQL
by John Gray <jgray@azuli.co.uk>