← Back to branch summary

~ubuntu-branches/ubuntu/precise/postgresql-8.4/precise-security

« back to all changes in this revision

Viewing changes to src/bin/psql/psqlscan.c

  • Committer: Package Import Robot
  • Author(s): Martin Pitt
  • Date: 2013-02-05 16:27:57 UTC
  • mfrom: (1.3.10) (28.1.4 precise-proposed)
  • Revision ID: package-import@ubuntu.com-20130205162757-6meeudvz3rd4zxqr
Tags: 8.4.16-0ubuntu12.04
https://launchpad.net/bugs/1116336
* New upstream security/bug fix release: (LP: #1116336)
  - Prevent execution of enum_recv from SQL
    The function was misdeclared, allowing a simple SQL command to crash the
    server.  In principle an attacker might be able to use it to examine the
    contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
    for reporting this issue. (CVE-2013-0255)
  - See HISTORY/changelog.gz for the other bug fixes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/bin/psql/psqlscan.c
7206
7206
                        /* first byte should always be okay... */
7207
7207
                        newtxt[i] = txt[i];
7208
7208
                        i++;
7209
 
                        while (--thislen > 0)
 
7209
                        while (--thislen > 0 && i < len)
7210
7210
                                newtxt[i++] = (char) 0xFF;
7211
7211
                }
7212
7212
        }