Security fix:

Two bugs were discovered that lead to a buffer overflow in PostgreSQL in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server. ok Brandon Palmer (maintainer)
2003-11-11 15:11:34 +00:00 · 2003-11-11 15:11:34 +00:00 · f60aece3cd
commit f60aece3cd
parent 31a272ce08
2 changed files with 44 additions and 4 deletions
--- a/databases/postgresql/Makefile
+++ b/databases/postgresql/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.65 2003/05/20 13:52:00 lebel Exp $
+# $OpenBSD: Makefile,v 1.66 2003/11/11 15:11:34 margarida Exp $

 COMMENT=	"PostgreSQL RDBMS"
 COMMENT-tcl=	"PostgreSQL RDBMS tcl libraries and utilities"
@ -7,9 +7,9 @@ COMMENT-docs=	"PostgreSQL RDBMS documentation"

 VERSION=	7.3.2
 DISTNAME=	postgresql-${VERSION}
-PKGNAME-clients=postgresql-clients-${VERSION}
-PKGNAME-docs=	postgresql-docs-${VERSION}
-PKGNAME-tcl=	postgresql-tcl-${VERSION}
+PKGNAME-clients=postgresql-clients-${VERSION}p1
+PKGNAME-docs=	postgresql-docs-${VERSION}p1
+PKGNAME-tcl=	postgresql-tcl-${VERSION}p1
 CATEGORIES=	databases

 HOMEPAGE=	http://www.postgresql.org/
--- a/databases/postgresql/patches/patch-src_backend_utils_adt_ascii_c
+++ b/databases/postgresql/patches/patch-src_backend_utils_adt_ascii_c
@ -0,0 +1,40 @@
+$OpenBSD: patch-src_backend_utils_adt_ascii_c,v 1.1 2003/11/11 15:11:34 margarida Exp $
+--- src/backend/utils/adt/ascii.c.orig	2003-11-08 18:00:02.000000000 +0000
+++ src/backend/utils/adt/ascii.c	2003-11-08 18:04:40.000000000 +0000
+@@ -27,9 +27,9 @@ static text *encode_to_ascii(text *data,
+ char *
+ pg_to_ascii(unsigned char *src, unsigned char *src_end, unsigned char *desc, int enc)
+ {
+-	unsigned char *x = NULL;
+-	unsigned char *ascii = NULL;
+-	int			range = 0;
+	unsigned char *x;
+	unsigned char *ascii;
+	int			range;
+ 
+ 	/*
+ 	 * relevant start for an encoding
+@@ -66,12 +66,13 @@ pg_to_ascii(unsigned char *src, unsigned
+ 	{
+ 		elog(ERROR, "pg_to_ascii(): unsupported encoding from %s",
+ 			 pg_encoding_to_char(enc));
+		return NULL;			/* keep compiler quiet */
+ 	}
+ 
+ 	/*
+ 	 * Encode
+ 	 */
+-	for (x = src; x <= src_end; x++)
+	for (x = src; x < src_end; x++)
+ 	{
+ 		if (*x < 128)
+ 			*desc++ = *x;
+@@ -93,7 +94,7 @@ encode_to_ascii(text *data, int enc)
+ {
+ 	pg_to_ascii(
+ 				(unsigned char *) VARDATA(data),		/* src */
+-				VARDATA(data) + VARSIZE(data),	/* src end */
+				(unsigned char *) (data) + VARSIZE(data),       /* src end */
+ 				(unsigned char *) VARDATA(data),		/* desc */
+ 				enc);			/* encoding */
+