summaryrefslogtreecommitdiff
path: root/databases/postgresql73
diff options
context:
space:
mode:
authorjschauma <jschauma@pkgsrc.org>2005-03-17 21:38:32 +0000
committerjschauma <jschauma@pkgsrc.org>2005-03-17 21:38:32 +0000
commit6dd2b9ed4abbea5ba67f93ba588468eae302298e (patch)
treeff069e1d20edbfc914d51e1a735baf58be3d5535 /databases/postgresql73
parent9a87eaf7c7ece4530562019463821be7968f95e2 (diff)
downloadpkgsrc-6dd2b9ed4abbea5ba67f93ba588468eae302298e.tar.gz
Backport patch from http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1&r2=1.64.4.2
to fix CAN-2005-0247 for postgresql73 Bump PKGREVISION on postgresql73-lib
Diffstat (limited to 'databases/postgresql73')
-rw-r--r--databases/postgresql73/distinfo3
-rw-r--r--databases/postgresql73/patches/patch-al60
2 files changed, 62 insertions, 1 deletions
diff --git a/databases/postgresql73/distinfo b/databases/postgresql73/distinfo
index 0280a013594..dadafe3f2a4 100644
--- a/databases/postgresql73/distinfo
+++ b/databases/postgresql73/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2005/02/23 16:33:08 agc Exp $
+$NetBSD: distinfo,v 1.8 2005/03/17 21:38:32 jschauma Exp $
SHA1 (postgresql-7.3.9.tar.gz) = 01481f3af507cb6b361bd71fc51c0fb8c06905da
RMD160 (postgresql-7.3.9.tar.gz) = 61b97bd71cee3e107419598b75d0ec0734df2791
@@ -14,3 +14,4 @@ SHA1 (patch-ah) = 210c0dda3c32481280fe5f2a9525d33f1d989c6d
SHA1 (patch-ai) = d7889e05ab7963f2b93b46c953cbf1a44e9c0fe5
SHA1 (patch-aj) = 4c46173cba1dd36296d8b3fcca8cdfebcc717162
SHA1 (patch-ak) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
+SHA1 (patch-al) = 6ad25b048e46a40bcaadd3f5322ee33bbd1a2fa7
diff --git a/databases/postgresql73/patches/patch-al b/databases/postgresql73/patches/patch-al
new file mode 100644
index 00000000000..265823fd2d0
--- /dev/null
+++ b/databases/postgresql73/patches/patch-al
@@ -0,0 +1,60 @@
+$NetBSD: patch-al,v 1.1 2005/03/17 21:38:32 jschauma Exp $
+
+--- src/pl/plpgsql/src/gram.y.orig 2005-01-26 20:44:42.000000000 -0500
++++ src/pl/plpgsql/src/gram.y 2005-03-17 16:34:50.000000000 -0500
+@@ -1626,6 +1626,13 @@
+ }
+ }
+
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ elog(ERROR, "too many variables specified in SQL statement");
++ }
++
+ expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+ expr->dtype = PLPGSQL_DTYPE_EXPR;
+ expr->query = strdup(plpgsql_dstring_get(&ds));
+@@ -1761,6 +1768,13 @@
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ elog(ERROR, "too many variables specified in SQL statement");
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
+@@ -1821,6 +1835,13 @@
+ plpgsql_dstring_append(&ds, yytext);
+ break;
+ }
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ elog(ERROR, "too many variables specified in SQL statement");
++ }
+ }
+
+ expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+@@ -1892,6 +1913,13 @@
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ elog(ERROR, "too many variables specified in SQL statement");
++ }
++
+ tok = yylex();
+ switch(tok)
+ {