diff options
| author | Bruce Momjian <bruce@momjian.us> | 1999-12-09 05:02:24 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 1999-12-09 05:02:24 +0000 |
| commit | d65a27f9509e8cbd0a0d8a58597bd096c2a22207 (patch) | |
| tree | c84d71172b671d38b944bf3299159120709cc806 /src/backend/utils/adt/nabstime.c | |
| parent | 469cf43fac9bd5e261499c2a922f5cb01fbb95f1 (diff) | |
| download | postgresql-d65a27f9509e8cbd0a0d8a58597bd096c2a22207.tar.gz postgresql-d65a27f9509e8cbd0a0d8a58597bd096c2a22207.zip | |
Hi,
I was able to crash postgres 6.5.3 when I did an 'alter user' command.
After I started a debugger I found the problem in the timezone handling
of
datetime (my Linux box lost its timezone information, that's how the
problem occurred).
Only 7 bytes are reserved for the timezone, without checking for
boundaries.
Attached is a patch that fixes this problem and emits a NOTICE if a
timezone is encountered that is longer than MAXTZLEN bytes, like this:
Jeroen van Vianen
Diffstat (limited to 'src/backend/utils/adt/nabstime.c')
| -rw-r--r-- | src/backend/utils/adt/nabstime.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/backend/utils/adt/nabstime.c b/src/backend/utils/adt/nabstime.c index 13d1e1565dd..218fccf64d5 100644 --- a/src/backend/utils/adt/nabstime.c +++ b/src/backend/utils/adt/nabstime.c @@ -4,7 +4,7 @@ * * Copyright (c) 1994, Regents of the University of California * - * $Id: nabstime.c,v 1.61 1999/07/17 20:17:57 momjian Exp $ + * $Id: nabstime.c,v 1.62 1999/12/09 05:02:24 momjian Exp $ * */ #include <ctype.h> @@ -174,7 +174,16 @@ abstime2tm(AbsoluteTime time, int *tzp, struct tm * tm, char *tzn) *tzp = -tm->tm_gmtoff; /* tm_gmtoff is Sun/DEC-ism */ /* XXX FreeBSD man pages indicate that this should work - tgl 97/04/23 */ if (tzn != NULL) - strcpy(tzn, tm->tm_zone); + { + /* Copy no more than MAXTZLEN bytes of timezone to tzn, in case it + contains an error message, which doesn't fit in the buffer */ + strncpy(tzn, tm->tm_zone, MAXTZLEN); + if (strlen(tm->tm_zone) > MAXTZLEN) + { + tzn[MAXTZLEN] = '\0'; + elog(NOTICE, "Invalid timezone \'%s\'", tm->tm_zone); + } + } #elif defined(HAVE_INT_TIMEZONE) if (tzp != NULL) #ifdef __CYGWIN__ @@ -183,7 +192,16 @@ abstime2tm(AbsoluteTime time, int *tzp, struct tm * tm, char *tzn) *tzp = (tm->tm_isdst ? (timezone - 3600) : timezone); #endif if (tzn != NULL) - strcpy(tzn, tzname[tm->tm_isdst]); + { + /* Copy no more than MAXTZLEN bytes of timezone to tzn, in case it + contains an error message, which doesn't fit in the buffer */ + strncpy(tzn, tzname[tm->tm_isdst], MAXTZLEN); + if (strlen(tzname[tm->tm_isdst]) > MAXTZLEN) + { + tzn[MAXTZLEN] = '\0'; + elog(NOTICE, "Invalid timezone \'%s\'", tzname[tm->tm_isdst]); + } + } #else #error POSIX time support is broken #endif |