mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-27 08:39:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
b381b58286
postgresql/contrib/intarray
History
Tom Lane d6d145673f Prevent buffer overrun while parsing an integer in a "query_int" value. 
contrib/intarray's gettoken() uses a fixed-size buffer to collect an
integer's digits, and did not guard against overrunning the buffer.
This is at least a backend crash risk, and in principle might allow
arbitrary code execution.  The code didn't check for overflow of the
integer value either, which while not presenting a crash risk was still
bad.

Thanks to Apple Inc's security team for reporting this issue and supplying
the fix.

Security: CVE-2010-4015
2011-01-27 17:43:07 -05:00
..
bench Add CVS tag lines to files that were lacking them. 2006-03-11 04:38:42 +00:00
data
expected Remove ill-considered (not to mention undocumented) attempt to make 2007-09-14 03:25:31 +00:00
sql Remove ill-considered (not to mention undocumented) attempt to make 2007-09-14 03:25:31 +00:00
_int_bool.c Prevent buffer overrun while parsing an integer in a "query_int" value. 2011-01-27 17:43:07 -05:00
_int_gin.c Fix ginint4_queryextract() to actually do what it was intended to do for an 2010-03-25 15:50:10 +00:00
_int_gist.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int_op.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int_tool.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int.h 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int.sql.in Mark contrib's GiST and GIN opclass support functions as STRICT, for safety. 2009-06-11 18:30:03 +00:00
_intbig_gist.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
.gitignore Some more gitignore cleanups: cover contrib and PL regression test outputs. 2010-09-22 17:22:53 -04:00
Makefile Remove references to READMEs from /contrib Makefiles. 2007-11-10 23:59:52 +00:00
uninstall__int.sql Revert my patch of 2009-04-04 that removed contrib/intarray's definitions of 2009-06-07 20:09:34 +00:00