Commit Graph

1005 Commits

Author SHA1 Message Date
Teodor Sigaev
473b40d23e Fix uninitialized variables in get_covers 2009-01-16 12:09:30 +00:00
Teodor Sigaev
b7394a6e6e Fix URL generation in headline. Only tag lexeme will be replaced by space.
Per http://archives.postgresql.org/pgsql-bugs/2008-12/msg00013.php
2009-01-15 18:17:12 +00:00
Teodor Sigaev
696dbd873d Fix generation of too long headline with ShortWords.
Per http://archives.postgresql.org/pgsql-hackers/2008-09/msg01088.php
2009-01-15 18:16:52 +00:00
Teodor Sigaev
12956db2b3 Fix small bug in headline generation.
Patch from Sushant Sinha <sushant354@gmail.com>
http://archives.postgresql.org/pgsql-hackers/2008-07/msg00785.php
2008-10-17 17:42:32 +00:00
Tom Lane
d42f212573 Fix contrib/xml makefile to not override CFLAGS. 2008-05-08 17:12:08 +00:00
Tom Lane
f68173692f Fix contrib/xml2 makefile to not override CFLAGS. 2008-05-08 17:11:52 +00:00
Tom Lane
4c3f3716cc Fix several datatype input functions that were allowing unused bytes in their
results to contain uninitialized, unpredictable values.  While this was okay
as far as the datatypes themselves were concerned, it's a problem for the
parser because occurrences of the "same" literal might not be recognized as
equal by datumIsEqual (and hence not by equal()).  It seems sufficient to fix
this in the input functions since the only critical use of equal() is in the
parser's comparisons of ORDER BY and DISTINCT expressions.
Per a trouble report from Marc Cousin.

Patch all the way back.  Interestingly, array_in did not have the bug before
8.2, which may explain why the issue went unnoticed for so long.
2008-04-11 22:53:24 +00:00
Tom Lane
2069940bc6 Fix a number of places that were making file-type tests infelicitously.
The places that did, eg,
	(statbuf.st_mode & S_IFMT) == S_IFDIR
were correct, but there is no good reason not to use S_ISDIR() instead,
especially when that's what the other 90% of our code does.  The places
that did, eg,
	(statbuf.st_mode & S_IFDIR)
were flat out *wrong* and would fail in various platform-specific ways,
eg a symlink could be mistaken for a regular file on most Unixen.

The actual impact of this is probably small, since the problem cases
seem to always involve symlinks or sockets, which are unlikely to be
found in the directories that PG code might be scanning.  But it's
clearly trouble waiting to happen, so patch all the way back anyway.
(There seem to be no occurrences of the mistake in 7.4.)
2008-03-31 01:33:13 +00:00
Tom Lane
e5e66ac021 Fix core dump in contrib/xml2's xpath_table() when the input query returns
a NULL value.  Per bug #4058.
2008-03-26 01:19:31 +00:00
Tom Lane
f39ff783bc The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink.
Plug the remaining holes.  Also, disallow transient connections in functions
for which that feature makes no sense (because they are only sensible as
part of a sequence of operations on the same connection).  Joe Conway

Security: CVE-2007-6601
2008-01-03 21:28:42 +00:00
Teodor Sigaev
4fc32d5891 Backpatch: Fix tsvector_out() and tsquery_out() to escape backslesh, add test of that.
Patch by Bruce Momjian <bruce@momjian.us>
2007-11-16 17:17:52 +00:00
Joe Conway
96365c7197 Have crosstab variants treat NULL rowid as a category in its own right,
per suggestion from Tom Lane. This fixes crash-bug reported by Stefan
Schwarzer.
2007-11-10 05:02:04 +00:00
Teodor Sigaev
76e114a458 Fix crash of to_tsvector() function on huge input: compareWORD()
function didn't return correct result for word position greate than
limit.

Per report from Stuart Bishop <stuart@stuartbishop.net>
2007-09-26 10:39:15 +00:00
Teodor Sigaev
13ad48eb8a Fix header's size of structs defines in ispell. 2007-09-11 13:15:41 +00:00
Tom Lane
fa87632f79 Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
2007-08-23 16:16:11 +00:00
Joe Conway
9b5efb80ce Restrict non-superusers to password authenticated connections
to prevent possible escalation of privilege. Provide new SECURITY
DEFINER functions with old behavior, but initially REVOKE ALL
from public for these functions. Per list discussion and design
proposed by Tom Lane.
2007-07-09 01:32:58 +00:00
Teodor Sigaev
51fb9106e0 Fix caching of unsuccessful initialization of parser or configuration.
Per report from Listmail <lists@peufeu.com>
2007-04-02 11:43:11 +00:00
Teodor Sigaev
0652254108 Fix backend crash in parsing incorrect tsquery.
Per report from Jon Rosebaugh <jon@inklesspen.com>
2007-02-12 14:18:43 +00:00
Tatsuo Ishii
8147c13f6f Back port patch.
Call srandom() instead of srand().
pgbench calls random() later, so it should have called srandom().
On most platforms except Windows srandom() is actually identical
to srand(), so the bug only bites Windows users.
per bug report from Akio Ishida.
2007-01-13 03:17:34 +00:00
Teodor Sigaev
b328083249 Fix convertion for 'PFX flag N num' 2006-12-21 17:36:08 +00:00
Teodor Sigaev
09e33d1628 Fix bug introduced by last patch, thanks again to Mario Weilguni <mweilguni@sime.com> 2006-08-08 15:45:56 +00:00
Teodor Sigaev
9a7788fb4d fix bug about modifying value in shared buffer,
what was a reason to corrupt index.
Thank to Mario Weilguni <mweilguni@sime.com> to
discover a bug.
2006-08-07 17:40:53 +00:00
Teodor Sigaev
7284c36ae7 Fix bug corrupting query in gist consistent function.
Thank to Mario Weilguni <mweilguni@sime.com> to discover a bug.
2006-07-11 16:06:40 +00:00
Bruce Momjian
acf40f39be Fix dbmirror for new backslash escaping:
Martin Pitt [2006-06-16  0:15 +0200]:
> Upstream confirmed my reply in the last mail in [1]: the complete
> escaping logic in DBMirror.pl is seriously screwew.
>
> [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php

I finally found some time to debug this, and I think I found a better
patch than the one you proposed. Mine is still hackish and is still a
workaround around a proper quoting solution, but at least it repairs
the parsing without introducing the \' quoting again.

I consider this a band-aid patch to fix the recent security update.
PostgreSQL gurus, would you consider applying this until a better
solution is found for DBMirror.pl?

Martin Pitt        http://www.piware.de
2006-07-06 02:03:00 +00:00
Andrew Dunstan
34fe15672d backport workaround for OpenBSD compiler bug 2006-06-17 14:50:44 +00:00
Tom Lane
6450cee473 Fix missed \' to '' conversion. 2006-05-21 21:13:50 +00:00
Bruce Momjian
833e84621c Change \' to '', for SQL standards compliance. Backpatch to 7.3, 7.4,
and 8.0.  Later releases already patched.
2006-05-21 19:57:40 +00:00
Teodor Sigaev
2ba15dbfc3 Detoast query in g_intbig_consistent and copy query in g_int_consistent.
Minor cleanups.
2006-04-03 10:45:28 +00:00
Tom Lane
ea8eeb4ca7 Fix order of linking of libxslt and libxml2, per Dave Page. 2006-03-10 15:40:06 +00:00
Neil Conway
74f615766c Patch from Marko Kreen:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest ->reset will do two DigestInit calls
against a context.  This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.

Reason for the messy code was that I tried to avoid creating
wrapper structure to transport algorithm info and tried to use
OpenSSL context for it.  The fix is to create wrapper structure.

It also uses newer digest API to avoid memory allocations
on reset with newer OpenSSLs.

Thanks to Daniel Blaisdell for reporting it.
2006-02-18 20:48:56 +00:00
Joe Conway
6c2fa48885 When the remote query result has a different number of columns
than the local query specifies (e.g. in the FROM clause),
throw an ERROR (instead of crashing). Fix for bug #2129 reported
by Akio Iwaasa.
2006-01-03 23:47:24 +00:00
Tom Lane
a559ef6594 There is a signedness bug in Openwall gen_salt code that pgcrypto uses.
This makes the salt space for md5 and xdes algorithms a lot smaller than
it should be.

Marko Kreen
2006-01-03 23:46:44 +00:00
Teodor Sigaev
ba6e1b2e72 Fix word's length in pg_regexec call 2005-12-21 13:08:14 +00:00
Teodor Sigaev
9a40b555d3 Fix stupid bug with sizeof 2005-12-06 18:22:21 +00:00
Teodor Sigaev
0c1a3f94c6 Fix incorrect header size macros 2005-11-03 18:15:47 +00:00
Tom Lane
09290098c5 Prevent core dump in contrib version of autovacuum when a table has been
dropped.  Per report from daveg (not his patch, though).
2005-10-20 16:14:39 +00:00
Teodor Sigaev
b4d107a777 Update Snowball. I have to update it because of
old version doesn't available on Snowball's site and new version
of stemmers can't be compiled with old interface.
2005-09-15 11:56:58 +00:00
Tom Lane
497f11845c int_array_enum function should be using fcinfo->flinfo->fn_extra for
working state, not fcinfo->context.  Silly oversight on my part in last
go-round of fixes.
2005-08-15 19:05:30 +00:00
Tom Lane
ae1d34f23a Back-port several small portability fixes to get contrib building
cleanly on AIX in the 8.0 branch.  Rocco Altier
2005-08-02 01:35:23 +00:00
Tom Lane
ea72596db5 It appears that Darwin (OS X) does not cope well with C functions that
have the same name as the containing shared library --- as best I can
tell, the compiler internally creates a function of that name, and does
not warn you about the conflict.  Fix buildfarm failure in back branches
by renaming tsearch() trigger function at the C level.
2005-07-18 21:37:23 +00:00
Bruce Momjian
75aed9f0c2 Backpatch to 8.0.X openssl portability fixes to pgcrypto. 2005-07-04 14:42:39 +00:00
Teodor Sigaev
babd4714f6 Prevent to divide by zero and range out of 0..1 2005-06-01 11:45:42 +00:00
Bruce Momjian
928d269abf Fix pg_autovacuum -s flag to handle values > 2000 by using sleep()
instead of pg_usleep.

Backpatch to 8.0.X.
2005-05-11 17:58:32 +00:00
Tom Lane
298e077bc4 Change tsearch2 to not use the unsafe practice of creating functions
that return INTERNAL without also having INTERNAL arguments.  Since the
functions in question aren't meant to be called by hand anyway, I just
redeclared them to take 'internal' instead of 'text'.  Also add code
to ProcedureCreate() to enforce the restriction, as I should have done
to start with :-(
2005-05-03 16:51:22 +00:00
Teodor Sigaev
46edb8efad workaround for bug in utils/date.h (timetz) 2005-04-27 13:01:27 +00:00
Tom Lane
73c195c607 Fix btree_gist to handle timetz zone correctly per recent changes. 2005-04-25 16:58:18 +00:00
Tom Lane
58d0214ed8 int_aggregate's int_enum() doesn't work correctly with arrays that
aren't 1-D, so give an error message instead of failing.  Per report
from Ron Mayer.
2005-04-23 05:38:43 +00:00
Teodor Sigaev
cc5b676087 Add comment about permissions on pg_ts* tables 2005-04-19 13:58:11 +00:00
Tom Lane
9e57970860 Put back code mistakenly removed from copy of postmaster's
daemonize routine, namely forcing stdin/stdout/stderr to point
to /dev/null.  Per Karl Denninger.
2005-04-03 00:02:03 +00:00
Teodor Sigaev
da2010f40b Fix various comparing functions 2005-03-31 15:10:48 +00:00