mirror of
https://git.freebsd.org/ports.git
synced 2025-06-26 15:10:35 -04:00
9c89540227
Prevent overrunning a heap-allocated buffer if more than 1024 parameters to a refcursor declaration are specified. This is a minimally-invasive fix for the buffer overrun. Define LATEST_LINK to avoid package name clashes between the different branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to branch 7.4, keep its LATEST_LINK to a generic value.) Set UNIQUENAME and let it be the same for server & client, so each branch's ports will share the same options file. This adds some no-op knobs to the -client port, but IMO it is better this way. Add space inside paranthesis in OSVERSION conditional to work around (ancient) make bug. [2] Remove the Rendez-Vouz knob for 8.0 since I can't find the software needed to even compile it on FreeBSD. Bump portrevision (for -server only). Noted by: kris [1] PR: ports/77530 [2] Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (mentor)
77 lines
2.1 KiB
Text
77 lines
2.1 KiB
Text
--- src/pl/plpgsql/src/gram.y 2005/01/21 00:31:21 1.48.2.1 REL7_4_7
|
|
+++ src/pl/plpgsql/src/gram.y 2005/02/08 18:22:11 1.48.2.3 REL7_4_STABLE
|
|
@@ -4,7 +4,7 @@
|
|
* procedural language
|
|
*
|
|
* IDENTIFICATION
|
|
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.1 2005/01/21 00:31:21 neilc Exp $
|
|
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.48.2.3 2005/02/08 18:22:11 tgl Exp $
|
|
*
|
|
* This software is copyrighted by Jan Wieck - Hamburg.
|
|
*
|
|
@@ -1699,6 +1699,16 @@ read_sql_construct(int until,
|
|
}
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = lno;
|
|
+ ereport(ERROR,
|
|
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
|
|
+ errmsg("too many variables specified in SQL statement")));
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -1856,6 +1866,15 @@ make_select_stmt(void)
|
|
|
|
while ((tok = yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
|
|
+ ereport(ERROR,
|
|
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
|
|
+ errmsg("too many INTO variables specified")));
|
|
+ }
|
|
+
|
|
tok = yylex();
|
|
switch(tok)
|
|
{
|
|
@@ -1906,6 +1925,16 @@ make_select_stmt(void)
|
|
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
|
|
+ ereport(ERROR,
|
|
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
|
|
+ errmsg("too many variables specified in SQL statement")));
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -1989,6 +2018,15 @@ make_fetch_stmt(void)
|
|
|
|
while ((tok = yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
|
|
+ ereport(ERROR,
|
|
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
|
|
+ errmsg("too many INTO variables specified")));
|
|
+ }
|
|
+
|
|
tok = yylex();
|
|
switch(tok)
|
|
{
|