Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

Justin Clift wrote:
> Christopher Kings-Lynne wrote:
> > 
> > > On Tue, 20 Aug 2002, Justin Clift wrote:
> > >
> > > > Vince,
> > > >
> > > > Do you reckon it's worth you responding to "Sir Mordred" and pointing
> > > > out that he overstated the vulnerability?
> > >
> > > Not me.  Tom (pref) or Marc would be the proper respondent.
> > 
> > Has it actually been fixed?
> 
> The TODO list only mentions the cash_out(2) problem, whilst the email
> archives mention them both.
> 
> >From the info still around, this looks to mean that the cash_words()
> problem was fixed, but the cash_out() problem was harder to fix.
> 
> Tom/Bruce, is that correct?

Looks like cash_words is fixed in current CVS, so I guess in 7.2.1:Welcome to psql 7.3devel, the PostgreSQL interactive
terminal.Type: \copyright for distribution terms       \h for help with SQL commands       \? for help on internal
slashcommands       \g or terminate with semicolon to execute query       \q to quittest=> select
cash_words('-700000000000000000000000000000');                                                    cash_words

--------------------------------------------------------------------------------------------------------------------
Minustwenty one million four hundred seventy four thousand eighthundred thirty six dollars and forty eight cents(1
row)

Looks like cash_out still bombs:

test=> select cash_out(2);server closed the connection unexpectedly        This probably means the server terminated
abnormally       before or while processing the request.The connection to the server was lost. Attempting reset:
Failed.


--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073