[Pkg-postgresql-private] Infos and handling #218446

Martin Pitt martin@piware.de
Sat, 1 Nov 2003 12:01:34 +0100


Hi again!

On 2003-11-01 11:21 +0100, Martin Pitt wrote:
> Patches [2] and/or [3] seem to be the interesting ones for our stable
> version 7.2. Since [3] only changes a pointer type, it looks a bit
> odd. I have to evaluate this in more detail.

[3] is not just a pointer type cast, but a macro indexing a struct
component, so it really makes a change.

> I will examine those patches and prepare an updated package. I hope
> Oliver (the primary maintainer) is around to sign it (I'm just
> comaintainer).

I prepared the diff according to the upstream CVS, with one exception:
upstream removed the local variable initialisation in pg_to_ascii:

        unsigned char *x = NULL;
        unsigned char *ascii = NULL;
        int                     range = 0;

became

        unsigned char *x;
        unsigned char *ascii;
        int                     range;

I did not make this change. AFAICT it seems to be harmless (since all
variables should be initialized properly by the following code), but
OTOH I cannot see why a proper null initialisation hurts (IMHO the
performance impact is negligible).

I attach the interdiff to the source package (pgpatch.diff).
Unfortunately I don't have a stable system around, so I cannot test
whether the package builds. Building on unstable does not work because
some dependencies changed too heavily. Security Team, do you want to
do this yourself? Please add an NMU line to the changelog then and
change the uploader name.

Thanks in advance!

Martin
-- 
Martin Pitt
home:  www.piware.de
eMail: martin@piware.de

Attachment: pgpatch.diff

diff -ru postgresql-7.2.1.orig/debian/changelog postgresql-7.2.1/debian/changelog
--- postgresql-7.2.1.orig/debian/changelog	2003-11-01 11:29:51.000000000 +0100
+++ postgresql-7.2.1/debian/changelog	2003-11-01 11:48:16.000000000 +0100
@@ -1,3 +1,10 @@
+postgresql (7.2.1-2woody3) stable-security; urgency=3Dlow
+
+  * Fixed buffer overruns in pg_to_ascii() and encode_to_ascii()=20
+    (src/backend/utils/adt/ascii.c). Closes: #218446.
+
+ -- Martin Pitt <mpitt@debian.org>  Sat,  1 Nov 2003 11:44:02 +0100
+
 postgresql (7.2.1-2woody2) stable-security; urgency=3Dhigh
=20
   * Non-maintainer upload by security team
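Review bot: `urgency=low` on the new 7.2.1-2woody3 entry looks wrong for a stable-security upload that fixes buffer overruns, when the previous security entry directly below it (7.2.1-2woody2) used `urgency=high`; raise it to high. The entry also names only the Debian bug; since the diff was prepared from the upstream CVS (as the mail says), naming that source in the changelog line would let the security team confirm what was backported without re-deriving it from the hunks.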
diff -ru postgresql-7.2.1.orig/src/backend/utils/adt/ascii.c postgresql-7.2.1/src/backend/utils/adt/ascii.c
--- postgresql-7.2.1.orig/src/backend/utils/adt/ascii.c	2001-11-05 18:46:28.000000000 +0100
+++ postgresql-7.2.1/src/backend/utils/adt/ascii.c	2003-11-01 11:42:08.000000000 +0100
@@ -106,12 +106,13 @@
 	{
 		elog(ERROR, "pg_to_ascii(): unsupported encoding from %s",
 			 pg_encoding_to_char(enc));
+		return NULL;
 	}
=20
 	/*
 	 * Encode
 	 */
-	for (x =3D src; x <=3D src_end; x++)
+	for (x =3D src; x < src_end; x++)
 	{
 		if (*x < 128)
 			*desc++ =3D *x;
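Review bot: the loop bound change from `x <= src_end` to `x < src_end` is the substantive fix in this hunk, but the hunk leaves the contract of `src_end` undocumented; add a comment above the loop (or on pg_to_ascii()) stating that `src_end` is exclusive, one past the last byte to encode, because with the old inclusive bound the loop read `*src_end` and, since the caller passes the same buffer as `desc`, also wrote one byte past it. The `return NULL;` added after `elog(ERROR, ...)` is unreachable in PostgreSQL, where elog(ERROR) transfers control to the error handler and does not return to the caller; it is harmless, but a one-line comment saying it only keeps the control flow explicit (and quiets uninitialised-variable warnings about `ascii` and `range`, which is also the argument for keeping the `= NULL` initialisations that the mail discusses) would stop the next reader from looking for a fall-through path that does not exist.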
@@ -133,7 +134,7 @@
 {
 	pg_to_ascii(
 				(unsigned char *) VARDATA(data),		/* src */
-				VARDATA(data) + VARSIZE(data),	/* src end */
+				(unsigned char *)(data) + VARSIZE(data),	/* src end */
 				(unsigned char *) VARDATA(data),		/* desc */
 				enc);			/* encoding */
=20
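Review bot: the new `src end` argument is only correct together with the exclusive loop bound in the previous hunk, and neither hunk records that dependency; add a comment here that `VARSIZE(data)` counts the varlena header, so `(unsigned char *)(data) + VARSIZE(data)` is one past the last payload byte whereas the old `VARDATA(data) + VARSIZE(data)` started after the header and therefore overshot by VARHDRSZ (the point made in the mail: VARDATA selects a struct member, it is not a cast). With the old end pointer and the old inclusive loop the overrun was VARHDRSZ + 1 bytes, and because `src` and `desc` are the same buffer those were writes, not only reads. The `(unsigned char *)` cast is required since `data` is a `text *`; changing the trailing comment to `/* src end (exclusive) */` would make the contract visible at the call site.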
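As an added example (not code from this mail, from the patch, or from PostgreSQL), the C program below reproduces the bound computation the patch changes on a constructed buffer and shows that both hunks are needed. It uses a minimal stand-in for the 7.2 varlena `text` type (a 4-byte length that counts itself, then the payload), a stand-in `ascii_fold()` for pg_to_ascii() that folds bytes >= 128 to `?` instead of using the Latin tables, and guard bytes after the payload so the overrun can be counted. `overrun_bytes()` runs the fold with either end-pointer computation (`VARDATA + VARSIZE` as in the original, or `(unsigned char *) data + VARSIZE` as in the patch) and either loop bound; `fold_patched()` checks the patched variant still encodes correctly. All of these names, the guard constants and the sample payloads are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for the 7.2 varlena text type (assumption of this
 * example): a 4-byte length that counts itself, then the payload. */
#define VARHDRSZ 4
typedef struct {
    int32_t vl_len;
    char    vl_dat[1];
} text;
#define VARSIZE(p) ((p)->vl_len)   /* total size, header included */
#define VARDATA(p) ((p)->vl_dat)   /* payload: a struct member, not a cast */

/* Guard bytes placed after the payload; 0xAA is >= 128, so the fold
 * rewrites every guard byte it reaches and the overrun can be counted. */
#define GUARDLEN 8
#define GUARD    0xAA

/* Stand-in for pg_to_ascii(): bytes >= 128 become '?' instead of a table
 * lookup. Walks [src, src_end) when inclusive_end is 0 (patched bound) and
 * [src, src_end] when it is 1 (original bound). desc may alias src, as in
 * encode_to_ascii(). Returns the number of bytes processed. */
static size_t ascii_fold(unsigned char *src, unsigned char *src_end,
                         unsigned char *desc, int inclusive_end)
{
    unsigned char *x;
    size_t n = 0;
    for (x = src; inclusive_end ? x <= src_end : x < src_end; x++) {
        *desc++ = (*x < 128) ? *x : (unsigned char) '?';
        n++;
    }
    return n;
}

/* Build a varlena holding payload, followed by GUARDLEN guard bytes.
 * *block receives the whole allocation so the guard can be inspected. */
static text *make_text(const char *payload, unsigned char **block)
{
    size_t len = strlen(payload);
    unsigned char *b = malloc(VARHDRSZ + len + GUARDLEN);
    text *t = (text *) b;
    VARSIZE(t) = (int32_t) (VARHDRSZ + len);
    memcpy(VARDATA(t), payload, len);
    memset(b + VARHDRSZ + len, GUARD, GUARDLEN);
    *block = b;
    return t;
}

/* Number of guard bytes that no longer hold GUARD after the fold. */
static size_t guard_damage(const unsigned char *block, size_t payload_len)
{
    const unsigned char *g = block + VARHDRSZ + payload_len;
    size_t i, bad = 0;
    for (i = 0; i < GUARDLEN; i++)
        if (g[i] != GUARD)
            bad++;
    return bad;
}

/* Fold payload in place with the chosen end pointer and loop bound.
 *   old_end = 1: src_end = VARDATA(data) + VARSIZE(data)  (header counted twice)
 *   old_end = 0: src_end = (unsigned char *) data + VARSIZE(data)  (one past payload)
 * Returns guard bytes clobbered; *processed receives bytes touched. */
size_t overrun_bytes(const char *payload, int old_end, int inclusive_end,
                     size_t *processed)
{
    unsigned char *block;
    text *t = make_text(payload, &block);
    unsigned char *src = (unsigned char *) VARDATA(t);
    unsigned char *src_end = old_end ? src + VARSIZE(t)
                                     : (unsigned char *) t + VARSIZE(t);
    size_t bad;
    *processed = ascii_fold(src, src_end, src, inclusive_end);
    bad = guard_damage(block, strlen(payload));
    free(block);
    return bad;
}

/* Fold payload with the patched bounds; the NUL-terminated result is
 * copied into out (at most outsz - 1 bytes) and out is returned. */
char *fold_patched(const char *payload, char *out, size_t outsz)
{
    unsigned char *block;
    text *t = make_text(payload, &block);
    unsigned char *src = (unsigned char *) VARDATA(t);
    size_t len = strlen(payload);
    ascii_fold(src, (unsigned char *) t + VARSIZE(t), src, 0);
    if (len >= outsz)
        len = outsz - 1;
    memcpy(out, src, len);
    out[len] = '\0';
    free(block);
    return out;
}

int main(void)
{
    const char *payload = "caf\xe9";   /* constructed sample input, 4 bytes */
    char out[16];
    int e, i;
    for (e = 1; e >= 0; e--)
        for (i = 1; i >= 0; i--) {
            size_t n, bad = overrun_bytes(payload, e, i, &n);
            printf("old_end=%d inclusive_end=%d: touched %zu bytes, "
                   "clobbered %zu guard bytes\n", e, i, n, bad);
        }
    printf("folded: %s\n", fold_patched(payload, out, sizeof out));
    return 0;
}
```

With the original end pointer and the inclusive loop the fold touches VARHDRSZ + 1 bytes beyond the payload whatever its length, and because encode_to_ascii() hands pg_to_ascii() the same buffer as source and destination those are writes. Applying only one of the two hunks still leaves a four-byte (old end pointer, exclusive loop) or one-byte (new end pointer, inclusive loop) overrun, which is why the patch has to change both the caller and the loop.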
