postgresql/contrib
Tom Lane 01824385ae Prevent potential overruns of fixed-size buffers.
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a security
issue.  Nonetheless it seems prudent to forestall any risk by using
strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but
since it touches code adjacent to one of the buffer overrun changes,
I included it in this commit to avoid last-minute merge issues.
This issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
2014-02-17 11:20:21 -05:00
adminpack Update copyright for 2014 2014-01-07 16:05:30 -05:00
auth_delay
auto_explain Update copyright for 2014 2014-01-07 16:05:30 -05:00
btree_gin
btree_gist
chkpass Prevent potential overruns of fixed-size buffers. 2014-02-17 11:20:21 -05:00
citext Add record_image_ops opclass for matview concurrent refresh. 2013-10-09 14:26:09 -05:00
cube Use appendStringInfoString instead of appendStringInfo where possible. 2013-10-31 10:55:59 -04:00
dblink Update copyright for 2014 2014-01-07 16:05:30 -05:00
dict_int Update copyright for 2014 2014-01-07 16:05:30 -05:00
dict_xsyn Update copyright for 2014 2014-01-07 16:05:30 -05:00
dummy_seclabel Update copyright for 2014 2014-01-07 16:05:30 -05:00
earthdistance
file_fdw Update copyright for 2014 2014-01-07 16:05:30 -05:00
fuzzystrmatch Update copyright for 2014 2014-01-07 16:05:30 -05:00
hstore Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
intagg
intarray Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
isn Fix calculation of ISMN check digit. 2014-01-13 15:43:29 +02:00
lo Defend against bad trigger definitions in contrib/lo's lo_manage() trigger. 2013-11-23 22:46:43 -05:00
ltree Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
oid2name Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
pageinspect Update copyright for 2014 2014-01-07 16:05:30 -05:00
passwordcheck Update copyright for 2014 2014-01-07 16:05:30 -05:00
pg_archivecleanup Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
pg_buffercache Relax the requirement that all lwlocks be stored in a single array. 2014-01-27 11:07:44 -05:00
pg_freespacemap
pg_prewarm Update copyright for 2014 2014-01-07 16:05:30 -05:00
pg_standby Prevent potential overruns of fixed-size buffers. 2014-02-17 11:20:21 -05:00
pg_stat_statements Make pg_basebackup skip temporary statistics files. 2014-02-03 23:19:49 +09:00
pg_test_fsync pg_test_fsync: add C comment about direct I/O and write size failure 2014-02-12 15:38:29 -05:00
pg_test_timing
pg_trgm Fix possible buffer overrun in contrib/pg_trgm. 2014-01-13 13:07:10 -05:00
pg_upgrade Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
pg_upgrade_support Update copyright for 2014 2014-01-07 16:05:30 -05:00
pg_xlogdump Update copyright for 2014 2014-01-07 16:05:30 -05:00
pgbench Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
pgcrypto Add gen_random_uuid() to contrib/pgcrypto. 2014-01-17 16:52:06 -05:00
pgrowlocks
pgstattuple Compress GIN posting lists, for smaller index size. 2014-01-22 19:20:58 +02:00
postgres_fdw Improve connection-failure error handling in contrib/postgres_fdw. 2014-02-03 21:30:20 -05:00
seg
sepgsql Update copyright for 2014 2014-01-07 16:05:30 -05:00
spi Add use of asprintf() 2013-10-13 00:09:18 -04:00
sslinfo Minor code beautification in contrib/sslinfo. 2014-01-17 20:58:31 -05:00
start-scripts
tablefunc Update copyright for 2014 2014-01-07 16:05:30 -05:00
tcn Update copyright for 2014 2014-01-07 16:05:30 -05:00
test_parser Update copyright for 2014 2014-01-07 16:05:30 -05:00
test_shm_mq Fix whitespace 2014-01-15 21:14:28 -05:00
tsearch2 Update copyright for 2014 2014-01-07 16:05:30 -05:00
unaccent Update copyright for 2014 2014-01-07 16:05:30 -05:00
uuid-ossp Update copyright for 2014 2014-01-07 16:05:30 -05:00
vacuumlo Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
worker_spi Fix some more bugs in signal handlers and process shutdown logic. 2014-02-01 16:21:23 -05:00
xml2
contrib-global.mk
Makefile Test code for shared memory message queue facility. 2014-01-14 12:24:12 -05:00
README Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.