Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes:
> thomas@postgresql.org (Thomas Lockhart) writes:
> > Log message:
> > Add guard code to protect from buffer overruns on long date/time input
> > strings. Should go back in and look at doing this a bit more elegantly
> > and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> > shame to scan the strings twice: once for length for this buffer overrun
> > protection, and once to parse the line.
>
> Are these changes available for 7.2, too? There is at least a DoS
> potential lurking here. :-(

Thomas can correct me if I'm mistaken, but I believe these changes apply
to the new integer datetime code Thomas wrote earlier in the 7.3
development cycle -- i.e. there's no bug present in 7.2, or earlier CVS
code when compiled without --enable-integer-datetimes.

Cheers,
Neil
--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC
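
Added example, not part of the thread and not PostgreSQL code: one way to avoid the double scan the log message regrets is to enforce the bound while copying the input into the fixed work buffer, so the string is walked once. The function name, buffer size and field limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WORKBUF_LEN 32   /* assumed size of the fixed work buffer */
#define MAX_FIELDS  8    /* assumed maximum number of fields */

/*
 * Hypothetical helper: split a date/time input string into
 * whitespace-separated, lower-cased fields inside a fixed work buffer.
 * The bounds check is done per byte during the copy, so no separate
 * strlen() pass over the input is needed.
 * Returns the number of fields, or -1 if the input does not fit.
 */
int split_datetime(const char *in, char work[WORKBUF_LEN],
                   char *field[MAX_FIELDS])
{
    char *out = work;
    char *end = work + WORKBUF_LEN;   /* one past the last usable byte */
    int nf = 0;

    while (*in != '\0') {
        while (isspace((unsigned char) *in))
            in++;
        if (*in == '\0')
            break;
        if (nf >= MAX_FIELDS)
            return -1;                /* too many fields */
        field[nf++] = out;
        while (*in != '\0' && !isspace((unsigned char) *in)) {
            if (out >= end - 1)
                return -1;            /* no room for byte plus terminator */
            *out++ = (char) tolower((unsigned char) *in++);
        }
        *out++ = '\0';                /* room guaranteed by the check above */
    }
    return nf;
}

int main(void)
{
    char work[WORKBUF_LEN];
    char *field[MAX_FIELDS];
    int n = split_datetime("2002-08-04 12:34:56", work, field); /* constructed input */
    for (int i = 0; i < n; i++)
        puts(field[i]);
    return n < 0;
}
```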