pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/databases/postgresql74 Backport patch from



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a5c3bba0d376
branches:  trunk
changeset: 490685:a5c3bba0d376
user:      jschauma <jschauma%pkgsrc.org@localhost>
date:      Thu Mar 17 22:35:48 2005 +0000

description:
Backport patch from
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1&r2=1.64.4.2

to fix CAN-2005-0247 for postgresql74
Bump PKGREVISION on postgresql74-lib

diffstat:

 databases/postgresql74/distinfo         |   3 +-
 databases/postgresql74/patches/patch-ah |  85 +++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 1 deletions(-)

diffs (103 lines):

diff -r 3b94bc7eada8 -r a5c3bba0d376 databases/postgresql74/distinfo
--- a/databases/postgresql74/distinfo   Thu Mar 17 22:16:39 2005 +0000
+++ b/databases/postgresql74/distinfo   Thu Mar 17 22:35:48 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2005/02/23 16:33:08 agc Exp $
+$NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $
 
 SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8
 RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346
@@ -10,3 +10,4 @@
 SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b
 SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48
 SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
+SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2
diff -r 3b94bc7eada8 -r a5c3bba0d376 databases/postgresql74/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/postgresql74/patches/patch-ah   Thu Mar 17 22:35:48 2005 +0000
@@ -0,0 +1,85 @@
+$NetBSD: patch-ah,v 1.1 2005/03/17 22:35:48 jschauma Exp $
+
+--- src/pl/plpgsql/src/gram.y.orig     2005-01-20 19:31:21.000000000 -0500
++++ src/pl/plpgsql/src/gram.y  2005-03-17 17:29:03.000000000 -0500
+@@ -1713,6 +1713,15 @@
+               }
+       }
+ 
++      /* Check for array overflow */
++      if (nparams >= 1024)
++      {
++              plpgsql_error_lineno = lno;
++              ereport(ERROR,
++                              (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++                              errmsg("too many variables specified in SQL statement")));
++      }
++
+       expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+       expr->dtype                     = PLPGSQL_DTYPE_EXPR;
+       expr->query                     = strdup(plpgsql_dstring_get(&ds));
+@@ -1856,6 +1865,15 @@
+ 
+                                       while ((tok = yylex()) == ',')
+                                       {
++                                              /* Check for array overflow */
++                                              if (nfields >= 1024)
++                                              {
++                                                      plpgsql_error_lineno = plpgsql_scanner_lineno();
++                                                      ereport(ERROR,
++                                                                      (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++                                                                      errmsg("too many variables specified in SQL statement")));
++                                              }
++
+                                               tok = yylex();
+                                               switch(tok)
+                                               {
+@@ -1918,6 +1936,15 @@
+                               plpgsql_dstring_append(&ds, yytext);
+                               break;
+               }
++
++              /* Check for array overflow */
++              if (nparams >= 1024)
++              {
++                      plpgsql_error_lineno = plpgsql_scanner_lineno();
++                      ereport(ERROR,
++                                      (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++                                              errmsg("too many variables specified in SQL statement")));
++                      }
+       }
+ 
+       expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+@@ -1952,12 +1979,12 @@
+ 
+               return (PLpgSQL_stmt *)execsql;
+       }
+-}
++      }
+ 
+ 
+-static PLpgSQL_stmt *
+-make_fetch_stmt(void)
+-{
++      static PLpgSQL_stmt *
++      make_fetch_stmt(void)
++      {
+       int                                     tok;
+       PLpgSQL_row                *row = NULL;
+       PLpgSQL_rec                *rec = NULL;
+@@ -1989,6 +2016,15 @@
+ 
+                               while ((tok = yylex()) == ',')
+                               {
++                                              /* Check for array overflow */
++                                              if (nfields >= 1024)
++                                              {
++                                                      plpgsql_error_lineno = plpgsql_scanner_lineno();
++                                                      ereport(ERROR,
++                                                                      (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++                                                                      errmsg("too many variables specified in SQL statement")));
++                                      }
++
+                                       tok = yylex();
+                                       switch(tok)
+                                       {



Home | Main Index | Thread Index | Old Index