[EMAIL PROTECTED] (Thomas Lockhart) writes: > Log message: > Add guard code to protect from buffer overruns on long date/time input > strings. Should go back in and look at doing this a bit more elegantly > and (hopefully) cheaper. Probably not too bad anyway, but it seems a > shame to scan the strings twice: once for length for this buffer overrun > protection, and once to parse the line.
Are these changes available for 7.2, too? There is at least a DoS potential lurking here. :-( -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html