Hi,

I was able to crash postgres 6.5.3 when I did an 'alter user' command.
After I started a debugger I found the problem in the timezone handling
of
datetime (my Linux box lost its timezone information, that's how the
problem occurred).

Only 7 bytes are reserved for the timezone, without checking for
boundaries.

Attached is a patch that fixes this problem and emits a NOTICE if a
timezone is encountered that is longer than MAXTZLEN bytes, like this:

Jeroen van Vianen

diff --git a/src/backend/utils/adt/dt.c b/src/backend/utils/adt/dt.c
index 43da134d97c978f0a06db9e22976c503730351cd..1e0b0475c468eef23a4c269cb6885d148de3f0ba 100644 (file)
--- a/src/backend/utils/adt/dt.c
+++ b/src/backend/utils/adt/dt.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/utils/adt/Attic/dt.c,v 1.76 1999/07/17 20:17:55 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/utils/adt/Attic/dt.c,v 1.77 1999/12/09 05:02:24 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -4327,7 +4327,7 @@ EncodeDateTime(struct tm * tm, double fsec, int *tzp, char **tzn, int style, cha
                    if ((*tzn != NULL) && (tm->tm_isdst >= 0))
                    {
                        strcpy((str + 27), " ");
-                       strcpy((str + 28), *tzn);
+                       strncpy((str + 28), *tzn, MAXTZLEN);
                    }
                }
                else
@@ -4336,7 +4336,7 @@ EncodeDateTime(struct tm * tm, double fsec, int *tzp, char **tzn, int style, cha
                    if ((*tzn != NULL) && (tm->tm_isdst >= 0))
                    {
                        strcpy((str + 24), " ");
-                       strcpy((str + 25), *tzn);
+                       strncpy((str + 25), *tzn, MAXTZLEN);
                    }
                }
 

diff --git a/src/backend/utils/adt/nabstime.c b/src/backend/utils/adt/nabstime.c
index 13d1e1565dd659a6b58ad1e2d1e6796a2f4d9f82..218fccf64d52c3512ef0473715f8a5323306be24 100644 (file)
--- a/src/backend/utils/adt/nabstime.c
+++ b/src/backend/utils/adt/nabstime.c
@@ -4,7 +4,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- *   $Id: nabstime.c,v 1.61 1999/07/17 20:17:57 momjian Exp $
+ *   $Id: nabstime.c,v 1.62 1999/12/09 05:02:24 momjian Exp $
  *
  */
 #include 
@@ -174,7 +174,16 @@ abstime2tm(AbsoluteTime time, int *tzp, struct tm * tm, char *tzn)
        *tzp = -tm->tm_gmtoff;  /* tm_gmtoff is Sun/DEC-ism */
    /* XXX FreeBSD man pages indicate that this should work - tgl 97/04/23 */
    if (tzn != NULL)
-       strcpy(tzn, tm->tm_zone);
+   {
+       /* Copy no more than MAXTZLEN bytes of timezone to tzn, in case it
+          contains an error message, which doesn't fit in the buffer */
+       strncpy(tzn, tm->tm_zone, MAXTZLEN);
+       if (strlen(tm->tm_zone) > MAXTZLEN)
+       {
+           tzn[MAXTZLEN] = '\0';
+           elog(NOTICE, "Invalid timezone \'%s\'", tm->tm_zone);
+       }
+   }
 #elif defined(HAVE_INT_TIMEZONE)
    if (tzp != NULL)
 #ifdef __CYGWIN__
@@ -183,7 +192,16 @@ abstime2tm(AbsoluteTime time, int *tzp, struct tm * tm, char *tzn)
        *tzp = (tm->tm_isdst ? (timezone - 3600) : timezone);
 #endif
    if (tzn != NULL)
-       strcpy(tzn, tzname[tm->tm_isdst]);
+   {
+       /* Copy no more than MAXTZLEN bytes of timezone to tzn, in case it
+          contains an error message, which doesn't fit in the buffer */
+       strncpy(tzn, tzname[tm->tm_isdst], MAXTZLEN);
+       if (strlen(tzname[tm->tm_isdst]) > MAXTZLEN)
+       {
+           tzn[MAXTZLEN] = '\0';
+           elog(NOTICE, "Invalid timezone \'%s\'", tzname[tm->tm_isdst]);
+       }
+   }
 #else
 #error POSIX time support is broken
 #endif