Commit Graph

1362 Commits

Author SHA1 Message Date
Tom Lane
c4810d9ae0 Make contrib/xml2 use core xml.c's error handler, when available (that is,
in versions >= 8.3).  The core code is more robust and efficient than what
was there before, and this also reduces risks involved in swapping different
libxml error handler settings.

Before 8.3, there is still some risk of problems if add-on modules such as
Perl invoke libxml without setting their own error handler.  Given the lack
of reports I'm not sure there's a risk in practice, so I didn't take the
step of actually duplicating the core code into older contrib/xml2 branches.
Instead I just tweaked the existing code to ensure it didn't leave a dangling
pointer to short-lived memory when throwing an error.
2010-03-03 19:10:40 +00:00
Tom Lane
7af8e8d671 Fix contrib/xml2 so regression test still works when it's built without libxslt.
This involves modifying the module to have a stable ABI, that is, the
xslt_process() function still exists even without libxslt.  It throws a
runtime error if called, but doesn't prevent executing the CREATE FUNCTION
call.  This is a good thing anyway to simplify cross-version upgrades.
2010-03-01 18:08:27 +00:00
Tom Lane
057b5485e6 Remove xmlCleanupParser calls from contrib/xml2.
These are unnecessary and probably dangerous.  I don't see any immediate
risk situations in the core XML support or contrib/xml2 itself, but there
could be issues with external uses of libxml2, and in any case it's an
accident waiting to happen.
2010-03-01 05:16:54 +00:00
Tom Lane
2502898d73 Back-patch today's memory management fixups in contrib/xml2.
Prior to 8.3, these changes are not critical for compatibility with core
Postgres, since core had no libxml2 calls then.  However there is still
a risk if contrib/xml2 is used along with libxml2 functionality in Perl
or other loadable modules.  So back-patch to all versions.

Also back-patch addition of regression tests.  I'm not sure how many of
the cases are interesting without the interaction with core xml code,
but a silly regression test is still better than none at all.
2010-03-01 03:41:17 +00:00
Joe Conway
ff6a12b3f3 Check to ensure the number of primary key fields supplied does not
exceed the total number of non-dropped source table fields for
dblink_build_sql_*(). Addresses bug report from Rushabh Lathia.

Backpatch all the way to the 7.3 branch.
2010-02-03 23:01:47 +00:00
Heikki Linnakangas
31c88772c8 Previous fix for temporary file management broke returning a set from
PL/pgSQL function within an exception handler. Make sure we use the right
resource owner when we create the tuplestore to hold returned tuples.

Simplify tuplestore API so that the caller doesn't need to be in the right
memory context when calling tuplestore_put* functions. tuplestore.c
automatically switches to the memory context used when the tuplestore was
created. Tuplesort was already modified like this earlier. This patch also
removes the now useless MemoryContextSwitch calls from callers.

Report by Aleksei on pgsql-bugs on Dec 22 2009. Backpatch to 8.1, like
the previous patch that broke this.
2009-12-29 17:41:26 +00:00
Teodor Sigaev
a142498e76 Fix incorrect cleanup of tsquery in ts_rewrite(). Per bug #4933 by
Aaron Marcuse-Kubitza <aaronmk@blackducksoftware.com>
2009-07-28 09:33:09 +00:00
Tom Lane
702e2989d5 Fix xslt_process() to ensure that it inserts a NULL terminator after the
last pair of parameter name/value strings, even when there are MAXPARAMS
of them.  Aboriginal bug in contrib/xml2, noted while studying bug #4912
(though I'm not sure whether there's something else involved in that
report).

This might be thought a security issue, since it's a potential backend
crash; but considering that untrustworthy users shouldn't be allowed
to get their hands on xslt_process() anyway, it's probably not worth
getting excited about.
2009-07-10 00:32:17 +00:00
Magnus Hagander
6749d70555 Remove beer-ware license from crypt-md5.c, per
approval from Poul-Henning Kamp.

This makes the file the same standard 2-clause BSD as the
rest of PostgreSQL.
2009-04-15 18:58:32 +00:00
Tom Lane
0e7d4c0289 Fix contrib/pg_freespacemap's underestimate of the number of pages it
could find in the FSM.  Per report from Dimitri Fontaine and Andrew Gierth.

(Affects only 8.2 and 8.3 since HEAD no longer has MaxFSMPages at all.)
2009-04-07 18:11:04 +00:00
Tom Lane
6a42ab4eb8 Defend against non-ASCII letters in fuzzystrmatch code. The functions
still don't behave very sanely for multibyte encodings, but at least
they won't be indexing off the ends of static arrays.
2009-04-07 15:54:07 +00:00
Teodor Sigaev
da5bfbd970 Fix memory allocation for output of hstore type.
Per "maosen.zhang" <maosen.zhang@alibaba-inc.com> report.
2009-04-02 18:06:12 +00:00
Tom Lane
b7578b5ce2 Fix contrib/pgstattuple and contrib/pageinspect to prevent attempts to read
temporary tables of other sessions; that is unsafe because of the way our
buffer management works.  Per report from Stuart Bishop.
This is redundant with the bufmgr.c checks in HEAD, but not at all redundant
in the back branches.
2009-03-31 22:55:41 +00:00
Tom Lane
a4702ada62 Fix old thinko in pgp.h: the idea is to declare some named enum types,
not global variables of anonymous enum types.  This didn't actually hurt
much because most linkers will just merge the duplicated definitions ...
but some will complain.  Per bug #4731 from Ceriel Jacobs.

Backpatch to 8.1 --- the declarations don't exist before that.
2009-03-25 15:03:25 +00:00
Tom Lane
98686e1ea1 Fix contrib/hstore to throw an error for keys or values that don't fit in its
data structure, rather than silently truncating them.  Andrew Gierth
2009-03-15 22:05:44 +00:00
Teodor Sigaev
9424b22b5e Prevent recursion during parse of email-like string with multiple '@'.
Patch by Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>
2009-03-10 17:44:44 +00:00
Teodor Sigaev
8fcdac9987 Fix usage of char2wchar/wchar2char. Changes:
- pg_wchar and wchar_t could have different size, so char2wchar
  doesn't call pg_mb2wchar_with_len to prevent out-of-bound
  memory bug
- make char2wchar/wchar2char symmetric, now they should not be
  called with C-locale because mbstowcs/wcstombs oftenly doesn't
  work correct with C-locale.
- Text parser uses pg_mb2wchar_with_len directly in case of
  C-locale and multibyte encoding

Per bug report by Hiroshi Inoue <inoue@tpf.co.jp> and
following discussion.

Backpatch up to 8.2 when multybyte support was implemented in tsearch.
2009-03-02 15:13:17 +00:00
Teodor Sigaev
22abc26aaf Fix URL generation in headline. Only tag lexeme will be replaced by space.
Per http://archives.postgresql.org/pgsql-bugs/2008-12/msg00013.php
2009-01-15 17:44:47 +00:00
Teodor Sigaev
32cfb33244 Fix generation of too long headline with ShortWords.
Per http://archives.postgresql.org/pgsql-hackers/2008-09/msg01088.php
2009-01-15 17:44:18 +00:00
Joe Conway
e4dcb11ead Fix bug per Oleksiy Shchukin - 2nd argument for dblink_get_result(text,bool)
is PG_GETARG_BOOL(2), should be PG_GETARG_BOOL(1).

Apply simple fix to back branches only. More extensive change to be applied
to head per Tom's suggestion.
2009-01-03 19:58:10 +00:00
Tom Lane
eea4890c08 Fix dblink and tablefunc to not return with the wrong CurrentMemoryContext.
Per buildfarm results.
2008-11-30 23:24:08 +00:00
Tom Lane
8f74153732 Fix old bug in contrib/sslinfo: X509_NAME_to_text freed the BIO_s_mem buffer
it was using too soon.  In a situation where pg_do_encoding_conversion is
a no-op, this led to garbage data returned.

In HEAD, also modify the code that's ensuring null termination to make it
a tad more obvious what's happening.
2008-11-10 14:57:53 +00:00
Teodor Sigaev
f189a12226 Fix small bug in headline generation.
Patch from Sushant Sinha <sushant354@gmail.com>
http://archives.postgresql.org/pgsql-hackers/2008-07/msg00785.php
2008-10-17 17:40:14 +00:00
Tom Lane
c06f39de73 Fix some bugs introduced by the 8.2-era conversion of cube functions to V1
calling convention.  cube_inter and cube_distance could attempt to pfree
their input arguments, and cube_dim returned a value from a struct it
might have just pfree'd (which would only really cause a problem in a
debug build, but it's still wrong).  Per bug #4208 and additional code
reading.

In HEAD and 8.3, I also made a batch of cosmetic changes to bring these
functions into line with the preferred coding style for V1 functions,
ie declare and fetch all the arguments at the top so readers can easily
see what they are.
2008-05-29 18:46:52 +00:00
Tom Lane
eb23d8023b Fix contrib/xml2 makefile to not override CFLAGS. 2008-05-08 17:11:33 +00:00
Teodor Sigaev
fc0a2b45d0 Fix broken compare function for tsquery_ops. Per Tom's report.
I never understood why initial authors GiST in pgsql choose so
stgrange signature for 'same' method:
bool *sameFn(Datum a, Datum b, bool* result)
instead of simple, logical
bool sameFn(Datum a, Datum b)
This change will break any existing GiST extension, so we still live with
it and will live.
2008-04-20 09:39:38 +00:00
Tom Lane
1aa0e9c878 Fix several datatype input functions that were allowing unused bytes in their
results to contain uninitialized, unpredictable values.  While this was okay
as far as the datatypes themselves were concerned, it's a problem for the
parser because occurrences of the "same" literal might not be recognized as
equal by datumIsEqual (and hence not by equal()).  It seems sufficient to fix
this in the input functions since the only critical use of equal() is in the
parser's comparisons of ORDER BY and DISTINCT expressions.
Per a trouble report from Marc Cousin.

Patch all the way back.  Interestingly, array_in did not have the bug before
8.2, which may explain why the issue went unnoticed for so long.
2008-04-11 22:53:06 +00:00
Tom Lane
270b3adb16 Fix core dump in contrib/xml2's xpath_table() when the input query returns
a NULL value.  Per bug #4058.
2008-03-26 01:19:17 +00:00
Tom Lane
58c7bef913 The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink.
Plug the remaining holes.  Also, disallow transient connections in functions
for which that feature makes no sense (because they are only sensible as
part of a sequence of operations on the same connection).  Joe Conway

Security: CVE-2007-6601
2008-01-03 21:28:18 +00:00
Teodor Sigaev
7b85567962 Backpatch: Fix tsvector_out() and tsquery_out() to escape backslesh, add test of that.
Patch by Bruce Momjian <bruce@momjian.us>
2007-11-16 17:03:15 +00:00
Joe Conway
f83c1a7b97 Have crosstab variants treat NULL rowid as a category in its own right,
per suggestion from Tom Lane. This fixes crash-bug reported by Stefan
Schwarzer.
2007-11-10 05:01:20 +00:00
Tom Lane
edc4d5edbe Defend against openssl libraries that fail on keys longer than 128 bits;
which is the case at least on some Solaris versions.  Marko Kreen
2007-09-29 02:18:21 +00:00
Teodor Sigaev
d77a9018fa Fix crash of to_tsvector() function on huge input: compareWORD()
function didn't return correct result for word position greate than
limit.

Per report from Stuart Bishop <stuart@stuartbishop.net>
2007-09-26 10:17:34 +00:00
Tom Lane
62c42d82aa Remove ill-considered (not to mention undocumented) attempt to make
contrib/intarray's GIN opclass override the built-in default.  Per bug #3048
and other complaints.
2007-09-14 03:25:37 +00:00
Teodor Sigaev
7176065273 Fix header's size of structs defines in ispell. 2007-09-11 13:04:53 +00:00
Teodor Sigaev
eb22ca6f9f Fix indefinit loop in rank_cd for some corner queries.
Per Daniele Varrazzo <piro@develer.com> bug report.
2007-09-07 16:26:59 +00:00
Tom Lane
acb6631041 Restrict pgstattuple functions to superusers. While the only one that's
really a glaring security hole is bt_page_items, there's not a very good
use-case for letting ordinary users use 'em, either.
2007-08-28 23:11:12 +00:00
Tom Lane
f94c9dbf22 Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
2007-08-23 16:15:57 +00:00
Tom Lane
59e4a6941f Fix possible core dump from pgbench -d option. Julius Stroffek 2007-08-22 23:03:33 +00:00
Tom Lane
45839ffd28 Fix CHECK_RELATION_BLOCK_RANGE macro, which was not merely producing
a warning but was outright wrong.
2007-07-15 23:47:13 +00:00
Joe Conway
809b38ce27 Restrict non-superusers to password authenticated connections
to prevent possible escalation of privilege. Provide new SECURITY
DEFINER functions with old behavior, but initially REVOKE ALL
from public for these functions. Per list discussion and design
proposed by Tom Lane.
2007-07-09 01:32:30 +00:00
Teodor Sigaev
100beb0dea Fix caching of unsuccessful initialization of parser or configuration.
Per report from Listmail <lists@peufeu.com>
2007-04-02 11:42:25 +00:00
Teodor Sigaev
fc565cfc7b Fix parser bug on Windows with UTF8 encoding and C locale, the reason was
sizeof(wchar_t) = 2 instead of 4.
2007-03-22 15:59:09 +00:00
Alvaro Herrera
009dac8ed4 Fix uninitialized value in pgstatindex leading to invalid values being
reported in some cases.  Report and patch from Tatsuhito Kasahara.

Also fix a couple of other bugs I noticed in skimming the surrounding code.
2007-03-16 15:06:46 +00:00
Teodor Sigaev
2b1abc8756 Athough cube is a varlena type, nowhere was a detoasting of cube's value, so
fix it.  Add macroses DatumGetNDBOX, PG_GETARG_NDBOX and PG_RETURN_NDBOX.
Backpatch for 8.2 too.

Previous versions use version 0 calling conventions. And fmgr code detoast
values for user-defined functions.
2007-03-07 21:25:18 +00:00
Teodor Sigaev
15f910da96 Fix backend crash in parsing incorrect tsquery.
Per report from Jon Rosebaugh <jon@inklesspen.com>
2007-02-12 14:15:13 +00:00
Teodor Sigaev
35466cff0a Fix localization support for multibyte encoding and C locale.
Slightly reworked patch from Tatsuo Ishii
2007-01-15 15:16:11 +00:00
Tatsuo Ishii
9c505e484c Backport patch.
Call srandom() instead of srand().
pgbench calls random() later, so it should have called srandom().
On most platforms except Windows srandom() is actually identical
to srand(), so the bug only bites Windows users.
per bug report from Akio Ishida.
2007-01-10 01:20:10 +00:00
Tom Lane
32d029573d Add a defense to prevent core dumps if 8.2 version of rank_cd() is used with
the 8.1 SQL function definition for it.  Per report from Rajesh Kumar Mallah,
such a DBA error doesn't seem at all improbable, and the cost of checking for
it is not very high compared to the cost of running this function.  (It would
have been better to change the C name of the function so it wouldn't be called
by the old SQL definition, but it's too late for that now in the 8.2 branch.)
2006-12-28 01:09:04 +00:00
Teodor Sigaev
5ceb508422 Fix memory reallocation condition 2006-12-26 14:55:00 +00:00