11c6621cb5
installed, the patched gram.y file would not be used and the security patch would be a no-op. Also, I've had reports of compilation errors related to bison. Since checking for the correct version of bison is hard and error prone, I'm doing what the postgresql distribution does - patching the yacc:ed .c file to get rid of the building dependency. Bumping portrevision of -server. Pointy hat to: me Noticed by: Mike Harding and others Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (implicit)
81 lines
2.2 KiB
Plaintext
81 lines
2.2 KiB
Plaintext
--- /opt/portbuild/tmp/opt/ports/databases/postgresql73-server/work/postgresql-7.3.9/src/pl/plpgsql/src/pl.tab.h Sun Feb 20 03:13:44 2005
|
|
+++ src/pl/plpgsql/src/pl.tab.h Sun Feb 20 05:40:07 2005
|
|
@@ -203,7 +203,7 @@
|
|
PLpgSQL_stmt_block *program;
|
|
PLpgSQL_nsitem *nsitem;
|
|
} PLPGSQL_YYSTYPE;
|
|
-/* Line 1248 of yacc.c. */
|
|
+/* Line 1238 of yacc.c. */
|
|
#line 207 "y.tab.h"
|
|
# define plpgsql_yystype PLPGSQL_YYSTYPE /* obsolescent; will be withdrawn */
|
|
# define PLPGSQL_YYSTYPE_IS_DECLARED 1
|
|
--- /opt/portbuild/tmp/opt/ports/databases/postgresql73-server/work/postgresql-7.3.9/src/pl/plpgsql/src/pl_gram.c Mon Jan 31 18:17:16 2005
|
|
+++ src/pl/plpgsql/src/pl_gram.c Sun Feb 20 05:40:07 2005
|
|
@@ -191,7 +191,7 @@
|
|
* procedural language
|
|
*
|
|
* IDENTIFICATION
|
|
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.1 2005/01/27 01:44:42 neilc Exp $
|
|
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.2 2005/02/08 18:22:45 tgl Exp $
|
|
*
|
|
* This software is copyrighted by Jan Wieck - Hamburg.
|
|
*
|
|
@@ -3247,6 +3233,14 @@
|
|
}
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = lno;
|
|
+ elog(ERROR, "too many variables specified in SQL statement");
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -3396,6 +3390,13 @@
|
|
|
|
while ((tok = plpgsql_yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_yylineno;
|
|
+ elog(ERROR, "too many INTO variables specified");
|
|
+ }
|
|
+
|
|
tok = plpgsql_yylex();
|
|
switch(tok)
|
|
{
|
|
@@ -3444,6 +3445,14 @@
|
|
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_yylineno;
|
|
+ elog(ERROR, "too many variables specified in SQL statement");
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -3527,6 +3536,13 @@
|
|
|
|
while ((tok = plpgsql_yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_yylineno;
|
|
+ elog(ERROR, "too many INTO variables specified");
|
|
+ }
|
|
+
|
|
tok = plpgsql_yylex();
|
|
switch(tok)
|
|
{
|