Participants
Neil Conway
Neil Conway
Thomas Lockhart
Thomas Lockhart
Attachments
Thread Outline
#1Neil ConwayNeil Conway
Aug 20, 2002
#2Thomas LockhartThomas Lockhartto Neil Conway (#1)
Aug 21, 2002

backpatch of datetime fixes

Started by Neil Conwayover 23 years ago2 messages
#1Neil Conway
Neil Conway
neilc@samurai.com
1 attachment(s)

I've backpatched Thomas's fixes for the potential buffer overruns in
the datetime code to the REL7_2_STABLE branch. The required changes
are pretty minimal, and the code passes the regression tests.

However, I haven't yet seen a test-case that demonstrates the buffer
overrun in 7.2 code (I originally found the problem when playing with
datetime on 7.3-dev with integer datetimes) -- I've tested it a little
bit and it seems to work, but this patch probably requires pretty
widespread testing.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

Attachments:

backport_fixes-2.patchtext/x-patchDownload
Index: src/backend/utils/adt/date.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/date.c,v
retrieving revision 1.64.2.1
diff -c -r1.64.2.1 date.c
*** src/backend/utils/adt/date.c	15 Mar 2002 23:37:48 -0000	1.64.2.1
--- src/backend/utils/adt/date.c	20 Aug 2002 22:10:24 -0000
***************
*** 53,58 ****
--- 53,61 ----
  	int			ftype[MAXDATEFIELDS];
  	char		lowstr[MAXDATELEN + 1];
  
+ 	if (strlen(str) >= sizeof(lowstr))
+ 		elog(ERROR, "Bad date external representation (too long) '%s'", str);
+ 
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	 || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tzp) != 0))
  		elog(ERROR, "Bad date external representation '%s'", str);
***************
*** 442,447 ****
--- 445,453 ----
  	int			dtype;
  	int			ftype[MAXDATEFIELDS];
  
+ 	if (strlen(str) >= sizeof(lowstr))
+ 		elog(ERROR, "Bad time external representation (too long) '%s'", str);
+ 
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	 || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, NULL) != 0))
  		elog(ERROR, "Bad time external representation '%s'", str);
***************
*** 950,955 ****
--- 956,965 ----
  	char	   *field[MAXDATEFIELDS];
  	int			dtype;
  	int			ftype[MAXDATEFIELDS];
+ 
+ 	if (strlen(str) >= sizeof(lowstr))
+ 		elog(ERROR, "Bad time with time zone external representation"
+ 			 " (too long) '%s'", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
Index: src/backend/utils/adt/nabstime.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/nabstime.c,v
retrieving revision 1.91
diff -c -r1.91 nabstime.c
*** src/backend/utils/adt/nabstime.c	25 Oct 2001 05:49:44 -0000	1.91
--- src/backend/utils/adt/nabstime.c	20 Aug 2002 22:10:24 -0000
***************
*** 503,510 ****
  	int			nf,
  				ftype[MAXDATEFIELDS];
  
! 	if (strlen(str) > MAXDATELEN)
! 		elog(ERROR, "Bad (length) abstime external representation '%s'", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 503,510 ----
  	int			nf,
  				ftype[MAXDATEFIELDS];
  
! 	if (strlen(str) >= sizeof(lowstr))
! 		elog(ERROR, "Bad abstime external representation '%s' (too long)", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 856,863 ****
  				ftype[MAXDATEFIELDS];
  	char		lowstr[MAXDATELEN + 1];
  
! 	if (strlen(str) > MAXDATELEN)
! 		elog(ERROR, "Bad (length) reltime external representation '%s'", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  		|| (DecodeDateDelta(field, ftype, nf, &dtype, tm, &fsec) != 0))
--- 856,863 ----
  				ftype[MAXDATEFIELDS];
  	char		lowstr[MAXDATELEN + 1];
  
! 	if (strlen(str) >= sizeof(lowstr))
! 		elog(ERROR, "Bad reltime external representation '%s' (too long)", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  		|| (DecodeDateDelta(field, ftype, nf, &dtype, tm, &fsec) != 0))
Index: src/backend/utils/adt/timestamp.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/timestamp.c,v
retrieving revision 1.62.2.1
diff -c -r1.62.2.1 timestamp.c
*** src/backend/utils/adt/timestamp.c	5 Mar 2002 03:45:43 -0000	1.62.2.1
--- src/backend/utils/adt/timestamp.c	20 Aug 2002 22:10:24 -0000
***************
*** 61,67 ****
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + 1];
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 61,70 ----
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
! 
! 	if (strlen(str) >= sizeof(lowstr))
! 		elog(ERROR, "Bad timestamp external representation (too long) '%s'", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 185,191 ****
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + 1];
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
--- 188,198 ----
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
! 
! 	if (strlen(str) >= sizeof(lowstr))
! 		elog(ERROR, "Bad timestamp with time zone"
! 			 " external representation (too long) '%s'", str);
  
  	if ((ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf) != 0)
  	  || (DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz) != 0))
***************
*** 293,299 ****
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + 1];
  
  	tm->tm_year = 0;
  	tm->tm_mon = 0;
--- 300,309 ----
  	int			nf;
  	char	   *field[MAXDATEFIELDS];
  	int			ftype[MAXDATEFIELDS];
! 	char		lowstr[MAXDATELEN + MAXDATEFIELDS];
! 
! 	if (strlen(str) >= sizeof(lowstr))
! 		elog(ERROR, "Bad interval external representation (too long) '%s'", str);
  
  	tm->tm_year = 0;
  	tm->tm_mon = 0;
#2Thomas Lockhart
Thomas Lockhart
lockhart@fourpalms.org
In reply to: Neil Conway (#1)
Re: backpatch of datetime fixes

Neil Conway wrote:

I've backpatched Thomas's fixes for the potential buffer overruns in
the datetime code to the REL7_2_STABLE branch. The required changes
are pretty minimal, and the code passes the regression tests.

However, I haven't yet seen a test-case that demonstrates the buffer
overrun in 7.2 code (I originally found the problem when playing with
datetime on 7.3-dev with integer datetimes)

I've had trouble provoking an error also, but the circumstances should
be related to having a long date/time input, especially if it has more
fields than one would expect in a valid date/time string.

- Thomas

← Back to Topics