[EMAIL PROTECTED] (Thomas Lockhart) writes:

> Log message:
>       Add guard code to protect from buffer overruns on long date/time input
>       strings. Should go back in and look at doing this a bit more elegantly
>       and (hopefully) cheaper. Probably not too bad anyway, but it seems a
>       shame to scan the strings twice: once for length for this buffer overrun
>       protection, and once to parse the line.

Are these changes available for 7.2, too?  There is at least a DoS
potential lurking here. :-(

-- 
Florian Weimer                    [EMAIL PROTECTED]
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/users-lounge/docs/faq.html

Reply via email to