authorjschauma <jschauma@pkgsrc.org>2005-03-17 22:35:48 +0000
committerjschauma <jschauma@pkgsrc.org>2005-03-17 22:35:48 +0000
commiteaca63f4a73a78fd541bd87be690c69bce6bc32e (patch)
tree81731a1a416b569075620f4e33f248f749e9db16 /databases
parent6064b820faf5233016f38ed8fa2d6152aeadf67a (diff)
Backport patch from
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.64.4.1&r2=1.64.4.2 to fix CAN-2005-0247 for postgresql74.
Bump PKGREVISION on postgresql74-lib.
Diffstat (limited to 'databases')
-rw-r--r--databases/postgresql74/distinfo3
-rw-r--r--databases/postgresql74/patches/patch-ah85
2 files changed, 87 insertions, 1 deletions
diff --git a/databases/postgresql74/distinfo b/databases/postgresql74/distinfo
index 7a2fe342cfc..9b1d183be58 100644
--- a/databases/postgresql74/distinfo
+++ b/databases/postgresql74/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2005/02/23 16:33:08 agc Exp $
+$NetBSD: distinfo,v 1.17 2005/03/17 22:35:48 jschauma Exp $
SHA1 (postgresql-7.4.7.tar.bz2) = 48fe9187ae1776265756b807254552b4f6bcfcb8
RMD160 (postgresql-7.4.7.tar.bz2) = 1bbb64c8a9b95cafe0254a0994752b8bbb624346
@@ -10,3 +10,4 @@ SHA1 (patch-ad) = fae5e82e0943ea982c9d3aace290b56c6a7629f9
SHA1 (patch-ae) = f0e0ad98ebdc972e7c40afd805fbb0d909d5ef3b
SHA1 (patch-af) = 7373db75fda125b980f2ead990719798c0d22a48
SHA1 (patch-ag) = a983f23b5e47a4c2f31ba284ff3db51b53cf8414
+SHA1 (patch-ah) = 4cc4e45679284815c32a5ff3b461b12df55d07c2
diff --git a/databases/postgresql74/patches/patch-ah b/databases/postgresql74/patches/patch-ah
new file mode 100644
index 00000000000..410688199b1
--- /dev/null
+++ b/databases/postgresql74/patches/patch-ah
@@ -0,0 +1,85 @@
+$NetBSD: patch-ah,v 1.1 2005/03/17 22:35:48 jschauma Exp $
+
+--- src/pl/plpgsql/src/gram.y.orig 2005-01-20 19:31:21.000000000 -0500
++++ src/pl/plpgsql/src/gram.y 2005-03-17 17:29:03.000000000 -0500
+@@ -1713,6 +1713,15 @@
+ }
+ }
+
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+ expr->dtype = PLPGSQL_DTYPE_EXPR;
+ expr->query = strdup(plpgsql_dstring_get(&ds));
+@@ -1856,6 +1865,15 @@
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
+@@ -1918,6 +1936,15 @@
+ plpgsql_dstring_append(&ds, yytext);
+ break;
+ }
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
+ }
+
+ expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
+@@ -1952,12 +1979,12 @@
+
+ return (PLpgSQL_stmt *)execsql;
+ }
+-}
++ }
+
+
+-static PLpgSQL_stmt *
+-make_fetch_stmt(void)
+-{
++ static PLpgSQL_stmt *
++ make_fetch_stmt(void)
++ {
+ int tok;
+ PLpgSQL_row *row = NULL;
+ PLpgSQL_rec *rec = NULL;
+@@ -1989,6 +2016,15 @@
+
+ while ((tok = yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ tok = yylex();
+ switch(tok)
+ {
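Review bot: The bound `1024` is a bare literal in all four added checks (the two `nparams` tests near the `malloc` calls and the two `nfields` tests at the top of the `while ((tok = yylex()) == ',')` loops), and the arrays they guard are declared outside the visible context, so nothing ties each check to the real array size. A single constant used for both the declarations and the tests, for example `#define MAX_EXPR_PARAMS 1024` with `if (nparams >= MAX_EXPR_PARAMS)`, would stop them drifting apart in a later edit. The first `nparams` check sits directly before the `malloc` and the enclosing loop is not shown, so it is worth confirming against the full gram.y that the test runs before each store into the parameter array rather than after the loop has already filled it. Separately, the embedded hunk at line 1952 appears to only re-indent the closing brace and the `make_fetch_stmt(void)` header; dropping that whitespace change would keep the backport identical to the upstream diff cited in the commit message and easier to audit.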