Tom Lane 67fb608fe3 Guard against empty buffer in gets_fromFile()'s check for a newline.
Per the fgets() specification, it cannot return without reading some data
unless it reports EOF or error.  So the code here assumed that the data
buffer would necessarily be nonempty when we go to check for a newline
having been read.  However, Agostino Sarubbo noticed that this could fail
to be true if the first byte of the data is a NUL (\0).  The fgets() API
doesn't really work for embedded NULs, which is something I don't feel
any great need for us to worry about since we generally don't allow NULs
in SQL strings anyway.  But we should not access off the end of our own
buffer if the case occurs.  Normally this would just be a harmless read,
but if you were unlucky the byte before the buffer would contain '\n'
and we'd overwrite it with '\0', and if you were really unlucky that
might be valuable data and psql would crash.

Agostino reported this to pgsql-security, but after discussion we concluded
that it isn't worth treating as a security bug; if you can control the
input to psql you can do far more interesting things than just maybe-crash
it.  Nonetheless, it is a bug, so back-patch to all supported versions.
2016-07-28 18:57:39 -04:00
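
The guarded newline check described in the commit message above, as an added C example that is not taken from the PostgreSQL source; `strip_newline_guarded`, `read_first_chunk`, both structs and the input bytes are constructed for illustration. It shows fgets() returning successfully with a chunk whose strlen() is 0 when the first byte is NUL, and the `len > 0` guard leaving the byte before the buffer untouched.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a '\n' sentinel sits directly before the line buffer,
 * standing in for the unlucky neighbouring byte. */
struct line_slot { char before; char buf[64]; };

/* got_data: fgets() returned non-NULL; len: strlen() after processing;
 * stripped: a trailing newline was removed; before: sentinel afterwards. */
struct chunk_result { bool got_data; size_t len; bool stripped; char before; };

/* Hypothetical helper: strip a trailing newline, guarding the empty case.
 * Without "len > 0", an empty string makes buf[len - 1] leave the buffer. */
static bool strip_newline_guarded(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return true;
    }
    return false;
}

/* Feed constructed bytes through fgets() and report what the check saw. */
static struct chunk_result read_first_chunk(const char *data, size_t datalen)
{
    struct line_slot slot = { '\n', { 0 } };
    struct chunk_result res = { false, 0, false, '\n' };
    FILE *fp = tmpfile();
    if (fp == NULL)
        return res;
    if (fwrite(data, 1, datalen, fp) == datalen) {
        rewind(fp);
        if (fgets(slot.buf, sizeof(slot.buf), fp) != NULL) {
            res.got_data = true;
            res.stripped = strip_newline_guarded(slot.buf);
            res.len = strlen(slot.buf);
        }
    }
    res.before = slot.before;
    fclose(fp);
    return res;
}

int main(void)
{
    /* Constructed input: the first byte of the line is NUL. */
    struct chunk_result r = read_first_chunk("\0SELECT 1;\n", 11);
    printf("got_data=%d len=%zu stripped=%d\n", r.got_data, r.len, r.stripped);
    return 0;
}
```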
config Fix configure's incorrect version tests for flex and perl. 2016-05-02 11:18:10 -04:00
contrib Fix assorted fallout from IS [NOT] NULL patch. 2016-07-28 16:09:15 -04:00
doc Improve documentation about CREATE TABLE ... LIKE. 2016-07-28 13:26:59 -04:00
src Guard against empty buffer in gets_fromFile()'s check for a newline. 2016-07-28 18:57:39 -04:00
.dir-locals.el
.gitattributes
.gitignore
aclocal.m4 Revert changes to pthread configure tests on REL9_5_STABLE. 2015-07-09 10:59:10 +03:00
configure Stamp 9.5.3. 2016-05-09 16:50:23 -04:00
configure.in Stamp 9.5.3. 2016-05-09 16:50:23 -04:00
COPYRIGHT Update copyright for 2016 2016-01-02 13:33:39 -05:00
GNUmakefile.in Fix distclean/maintainer-clean targets to remove top-level tmp_install dir. 2015-05-13 18:48:05 -04:00
HISTORY
Makefile
README
README.git

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	http://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
http://www.postgresql.org/download/.  For more information look at our
web site located at http://www.postgresql.org/.