| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix xslt_process() to ensure that it inserts a NULL terminator |
| Date: | 2009-07-10 00:32:12 |
| Message-ID: | 20090710003212.95DAE753336@cvs.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Fix xslt_process() to ensure that it inserts a NULL terminator after the
last pair of parameter name/value strings, even when there are MAXPARAMS
of them. Aboriginal bug in contrib/xml2, noted while studying bug #4912
(though I'm not sure whether there's something else involved in that
report).
This might be thought a security issue, since it's a potential backend
crash; but considering that untrustworthy users shouldn't be allowed
to get their hands on xslt_process() anyway, it's probably not worth
getting excited about.
Tags:
----
REL8_3_STABLE
Modified Files:
--------------
pgsql/contrib/xml2:
xslt_proc.c (r1.9 -> r1.9.2.1)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/contrib/xml2/xslt_proc.c?r1=1.9&r2=1.9.2.1)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-07-10 00:32:17 | pgsql: Fix xslt_process() to ensure that it inserts a NULL terminator |
| Previous Message | Tom Lane | 2009-07-10 00:32:06 | pgsql: Fix xslt_process() to ensure that it inserts a NULL terminator |