Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ...
| From | Neil Conway |
|---|---|
| Subject | Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... |
| Date | |
| Msg-id | 87wur6ckf9.fsf@klamath.dyndns.org |
| In reply to | Re: [COMMITTERS] pgsql-server/src include/utils/timestamp.h bac ... (Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>) |
| Responses | Re: [COMMITTERS] pgsql-server/src |
| List | pgsql-hackers |
Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes:
> thomas@postgresql.org (Thomas Lockhart) writes:
> > Log message:
> > Add guard code to protect from buffer overruns on long date/time input
> > strings. Should go back in and look at doing this a bit more elegantly
> > and (hopefully) cheaper. Probably not too bad anyway, but it seems a
> > shame to scan the strings twice: once for length for this buffer overrun
> > protection, and once to parse the line.
>
> Are these changes available for 7.2, too? There is at least a DoS
> potential lurking here. :-(

Thomas can correct me if I'm mistaken, but I believe these changes
apply to the new integer datetime code Thomas wrote earlier in the 7.3
development cycle -- i.e. there's no bug present in 7.2, or earlier
CVS code when compiled without --enable-integer-datetimes.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC