database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-31 22:04:40 +03:00
Code Activity

Don't use ordinary NULL-terminated strings as Name datums.

Browse Source 
Consumers are entitled to read the full 64 bytes pertaining to a Name;
using a shorter NULL-terminated string leads to reading beyond the end
its allocation; a SIGSEGV is possible.  Use the frequent idiom of
copying to a NameData on the stack.  New in 9.3, so no back-patch.
This commit is contained in:
Noah Misch
2013-06-12 19:49:50 -04:00
parent dc3eb56383
commit ff53890f68
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/commands/alter.c
View File

@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
Datum *values; Datum *values;
bool *nulls; bool *nulls;
bool *replaces; bool *replaces;
NameData nameattrdata;
oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId)); oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId));
if (!HeapTupleIsValid(oldtup)) if (!HeapTupleIsValid(oldtup))
@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum)); values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum));
nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
values[Anum_name - 1] = PointerGetDatum(new_name); namestrcpy(&nameattrdata, new_name);
values[Anum_name - 1] = NameGetDatum(&nameattrdata);
replaces[Anum_name - 1] = true; replaces[Anum_name - 1] = true;
newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel), newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel),
values, nulls, replaces); values, nulls, replaces);

8
src/backend/commands/event_trigger.c
View File

@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
HeapTuple tuple; HeapTuple tuple;
Datum values[Natts_pg_trigger]; Datum values[Natts_pg_trigger];
bool nulls[Natts_pg_trigger]; bool nulls[Natts_pg_trigger];
NameData evtnamedata,
evteventdata;
ObjectAddress myself, ObjectAddress myself,
referenced; referenced;
@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
/* Build the new pg_trigger tuple. */ /* Build the new pg_trigger tuple. */
memset(nulls, false, sizeof(nulls)); memset(nulls, false, sizeof(nulls));
values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname); namestrcpy(&evtnamedata, trigname);
values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname); values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata);
namestrcpy(&evteventdata, eventname);
values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata);
values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner); values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner);
values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid); values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid);
values[Anum_pg_event_trigger_evtenabled - 1] = values[Anum_pg_event_trigger_evtenabled - 1] =