Re: No sanity checking performed on binary TIME parameters.

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew McNamara <andrewm(at)object-craft(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: No sanity checking performed on binary TIME parameters.
Date: 2009-05-25 14:57:36
Message-ID: 20090525145736.GQ8123@tamriel.snowman.net
Lists: pgsql-hackers

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> I'm not entirely sure why we put a range limit on time values at all,
> but given that we do, it'd probably be a good idea to check the range
> in the recv functions. I'm inclined to fix this for 8.4, but not
> back-patch because of compatibility considerations. Any objections
> out there?

Are we confident it can't be abused to impact other clients connecting
or break the back-end in some way? More specifically, could it be a
security issue? Haven't looked at it yet, but getting what sounded like
corrupted data back out could be bad..

Stephen
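
The range check proposed for the recv functions in the quoted message, as an added example that is not part of this thread and is not PostgreSQL's own code. It assumes the integer-datetime wire format (a signed 64-bit count of microseconds since midnight, network byte order) and a valid range of 00:00:00 through 24:00:00; the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed valid range: 0 .. 24:00:00 inclusive, in microseconds. */
#define USECS_PER_DAY INT64_C(86400000000)

/* Helper for building constructed messages: host value -> 8 bytes, big-endian. */
void write_be64(unsigned char *buf, int64_t value)
{
    uint64_t v = (uint64_t) value;
    for (int i = 0; i < 8; i++)
        buf[i] = (unsigned char) (v >> (8 * (7 - i)));
}

/*
 * Hypothetical receive routine for a binary TIME parameter.
 * Returns 0 and stores the value in *out when the message is exactly
 * 8 bytes and the decoded value is in range; returns -1 otherwise and
 * leaves *out untouched, so a bad value never reaches storage.
 */
int time_recv_checked(const unsigned char *buf, size_t len, int64_t *out)
{
    uint64_t raw = 0;
    int64_t usecs;

    if (len != 8)
        return -1;
    for (int i = 0; i < 8; i++)
        raw = (raw << 8) | buf[i];
    usecs = (int64_t) raw;      /* client-controlled, may be negative */
    if (usecs < 0 || usecs > USECS_PER_DAY)
        return -1;
    *out = usecs;
    return 0;
}

int main(void)
{
    /* Constructed samples: 12:34:56, 24:00:00, one past the limit, negative. */
    const int64_t samples[] = { INT64_C(45296000000), USECS_PER_DAY, USECS_PER_DAY + 1, -1 };
    unsigned char msg[8];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t t = 0;
        write_be64(msg, samples[i]);
        int rc = time_recv_checked(msg, sizeof msg, &t);
        printf("%lld -> %s\n", (long long) samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```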
