upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-22 17:31:00 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/interfaces
History
Noah Misch e4a4fa2235 Fix handling of wide datetime input/output. 
Many server functions use the MAXDATELEN constant to size a buffer for
parsing or displaying a datetime value.  It was much too small for the
longest possible interval output and slightly too small for certain
valid timestamp input, particularly input with a long timezone name.
The long input was rejected needlessly; the long output caused
interval_out() to overrun its buffer.  ECPG's pgtypes library has a copy
of the vulnerable functions, which bore the same vulnerabilities along
with some of its own.  In contrast to the server, certain long inputs
caused stack overflow rather than failing cleanly.  Back-patch to 8.4
(all supported versions).

Reported by Daniel Schüssler, reviewed by Tom Lane.

Security: CVE-2014-0063
2014-02-17 09:33:32 -05:00
..
ecpg Fix handling of wide datetime input/output. 2014-02-17 09:33:32 -05:00
libpq Improve libpq's error recovery for connection loss during COPY. 2014-02-12 17:50:10 -05:00
Makefile Fix parallel make when running make install before make all 2011-03-08 23:52:29 +02:00