Fix handling of wide datetime input/output.

Many server functions use the MAXDATELEN constant to size a buffer for parsing or displaying a datetime value. It was much too small for the longest possible interval output and slightly too small for certain valid timestamp input, particularly input with a long timezone name. The long input was rejected needlessly; the long output caused interval_out() to overrun its buffer. ECPG's pgtypes library has a copy of the vulnerable functions, which bore the same vulnerabilities along with some of its own. In contrast to the server, certain long inputs caused stack overflow rather than failing cleanly. Back-patch to 8.4 (all supported versions). Reported by Daniel Schüssler, reviewed by Tom Lane. Security: CVE-2014-0063
2025-07-02 09:02:37 +03:00 · 2014-02-17 09:33:31 -05:00
parent 5f173040e3
commit 4318daecc9
11 changed files with 111 additions and 35 deletions
--- a/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c
+++ b/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c
@ -45,6 +45,15 @@ char *dates[] = { "19990108foobar",
 				  "1999.008",
 				  "J2451187",
 				  "January 8, 99 BC",
+				  /*
+				   * Maximize space usage in ParseDateTime() with 25
+				   * (MAXDATEFIELDS) fields and 128 (MAXDATELEN) total length.
+				   */
+				  "........................Xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+				  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				  /* 26 fields */
+				  ".........................aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+				  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 				  NULL };

 /* do not conflict with libc "times" symbol */
@ -52,6 +61,7 @@ static char *times[] = { "0:04",
 				  "1:59 PDT",
 				  "13:24:40 -8:00",
 				  "13:24:40.495+3",
+				  "13:24:40.123456789+3",
 				  NULL };

 char *intervals[] = { "1 minute",
@ -73,22 +83,22 @@ main(void)
 		 
 		 
 	
-#line 52 "dt_test2.pgc"
+#line 62 "dt_test2.pgc"
 date date1 ;
 
-#line 53 "dt_test2.pgc"
+#line 63 "dt_test2.pgc"
 timestamp ts1 , ts2 ;
 
-#line 54 "dt_test2.pgc"
+#line 64 "dt_test2.pgc"
 char * text ;
 
-#line 55 "dt_test2.pgc"
+#line 65 "dt_test2.pgc"
 interval * i1 ;
 
-#line 56 "dt_test2.pgc"
+#line 66 "dt_test2.pgc"
 date * dc ;
 /* exec sql end declare section */
-#line 57 "dt_test2.pgc"
+#line 67 "dt_test2.pgc"


 	int i, j;
--- a/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.stdout
+++ b/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.stdout
@ -8,85 +8,104 @@ TS[3,0]: 1999-01-08 00:04:00
 TS[3,1]: 1999-01-08 01:59:00
 TS[3,2]: 1999-01-08 13:24:40
 TS[3,3]: 1999-01-08 13:24:40.495
+TS[3,4]: 1999-01-08 13:24:40.123456
 Date[4]: 1999-01-08 (N - F)
 TS[4,0]: 1999-01-08 00:04:00
 TS[4,1]: 1999-01-08 01:59:00
 TS[4,2]: 1999-01-08 13:24:40
 TS[4,3]: 1999-01-08 13:24:40.495
+TS[4,4]: 1999-01-08 13:24:40.123456
 Date[5]: 1999-01-08 (N - F)
 TS[5,0]: 1999-01-08 00:04:00
 TS[5,1]: 1999-01-08 01:59:00
 TS[5,2]: 1999-01-08 13:24:40
 TS[5,3]: 1999-01-08 13:24:40.495
+TS[5,4]: 1999-01-08 13:24:40.123456
 Date[6]: 1999-01-18 (N - F)
 TS[6,0]: 1999-01-18 00:04:00
 TS[6,1]: 1999-01-18 01:59:00
 TS[6,2]: 1999-01-18 13:24:40
 TS[6,3]: 1999-01-18 13:24:40.495
+TS[6,4]: 1999-01-18 13:24:40.123456
 Date[7]: 2003-01-02 (N - F)
 TS[7,0]: 2003-01-02 00:04:00
 TS[7,1]: 2003-01-02 01:59:00
 TS[7,2]: 2003-01-02 13:24:40
 TS[7,3]: 2003-01-02 13:24:40.495
+TS[7,4]: 2003-01-02 13:24:40.123456
 Date[8]: 1999-01-08 (N - F)
 TS[8,0]: 1999-01-08 00:04:00
 TS[8,1]: 1999-01-08 01:59:00
 TS[8,2]: 1999-01-08 13:24:40
 TS[8,3]: 1999-01-08 13:24:40.495
+TS[8,4]: 1999-01-08 13:24:40.123456
 Date[9]: 1999-01-08 (N - F)
 TS[9,0]: 1999-01-08 00:04:00
 TS[9,1]: 1999-01-08 01:59:00
 TS[9,2]: 1999-01-08 13:24:40
 TS[9,3]: 1999-01-08 13:24:40.495
+TS[9,4]: 1999-01-08 13:24:40.123456
 Date[10]: 1999-01-08 (N - F)
 TS[10,0]: 1999-01-08 00:04:00
 TS[10,1]: 1999-01-08 01:59:00
 TS[10,2]: 1999-01-08 13:24:40
 TS[10,3]: 1999-01-08 13:24:40.495
+TS[10,4]: 1999-01-08 13:24:40.123456
 Date[11]: 1999-01-08 (N - F)
 TS[11,0]: 1999-01-08 00:04:00
 TS[11,1]: 1999-01-08 01:59:00
 TS[11,2]: 1999-01-08 13:24:40
 TS[11,3]: 1999-01-08 13:24:40.495
+TS[11,4]: 1999-01-08 13:24:40.123456
 Date[12]: 1999-01-08 (N - F)
 TS[12,0]: 1999-01-08 00:04:00
 TS[12,1]: 1999-01-08 01:59:00
 TS[12,2]: 1999-01-08 13:24:40
 TS[12,3]: 1999-01-08 13:24:40.495
+TS[12,4]: 1999-01-08 13:24:40.123456
 Date[13]: 2006-01-08 (N - F)
 TS[13,0]: 2006-01-08 00:04:00
 TS[13,1]: 2006-01-08 01:59:00
 TS[13,2]: 2006-01-08 13:24:40
 TS[13,3]: 2006-01-08 13:24:40.495
+TS[13,4]: 2006-01-08 13:24:40.123456
 Date[14]: 1999-01-08 (N - F)
 TS[14,0]: 1999-01-08 00:04:00
 TS[14,1]: 1999-01-08 01:59:00
 TS[14,2]: 1999-01-08 13:24:40
 TS[14,3]: 1999-01-08 13:24:40.495
+TS[14,4]: 1999-01-08 13:24:40.123456
 Date[15]: 1999-01-08 (N - F)
 TS[15,0]: 1999-01-08 00:04:00
 TS[15,1]: 1999-01-08 01:59:00
 TS[15,2]: 1999-01-08 13:24:40
 TS[15,3]: 1999-01-08 13:24:40.495
+TS[15,4]: 1999-01-08 13:24:40.123456
 Date[16]: 1999-01-08 (N - F)
 TS[16,0]: 1999-01-08 00:04:00
 TS[16,1]: 1999-01-08 01:59:00
 TS[16,2]: 1999-01-08 13:24:40
 TS[16,3]: 1999-01-08 13:24:40.495
+TS[16,4]: 1999-01-08 13:24:40.123456
 Date[17]: 1999-01-08 (N - F)
 TS[17,0]: 1999-01-08 00:04:00
 TS[17,1]: 1999-01-08 01:59:00
 TS[17,2]: 1999-01-08 13:24:40
 TS[17,3]: 1999-01-08 13:24:40.495
+TS[17,4]: 1999-01-08 13:24:40.123456
 Date[18]: 1999-01-08 (N - F)
 TS[18,0]: 1999-01-08 00:04:00
 TS[18,1]: 1999-01-08 01:59:00
 TS[18,2]: 1999-01-08 13:24:40
 TS[18,3]: 1999-01-08 13:24:40.495
+TS[18,4]: 1999-01-08 13:24:40.123456
 Date[19]: 0099-01-08 BC (N - F)
 TS[19,0]: 0099-01-08 00:04:00 BC
 TS[19,1]: 0099-01-08 01:59:00 BC
 TS[19,2]: 0099-01-08 13:24:40 BC
+TS[19,4]: 0099-01-08 13:24:40.123456 BC
+Date[20]: - (N - T)
+Date[21]: - (N - T)
 interval[0]: @ 1 min
 interval_copy[0]: @ 1 min
 interval[1]: @ 1 day 12 hours 59 mins 10 secs
--- a/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc
+++ b/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc
@ -27,6 +27,15 @@ char *dates[] = { "19990108foobar",
 				  "1999.008",
 				  "J2451187",
 				  "January 8, 99 BC",
+				  /*
+				   * Maximize space usage in ParseDateTime() with 25
+				   * (MAXDATEFIELDS) fields and 128 (MAXDATELEN) total length.
+				   */
+				  "........................Xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+				  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				  /* 26 fields */
+				  ".........................aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+				  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 				  NULL };

 /* do not conflict with libc "times" symbol */
@ -34,6 +43,7 @@ static char *times[] = { "0:04",
 				  "1:59 PDT",
 				  "13:24:40 -8:00",
 				  "13:24:40.495+3",
+				  "13:24:40.123456789+3",
 				  NULL };

 char *intervals[] = { "1 minute",