Backpatch fix for buffer overrun in parsing refcursor parameters to

author Neil Conway <neilc@samurai.com>

Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)

committer Neil Conway <neilc@samurai.com>

Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)
author Neil Conway <neilc@samurai.com>
Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)
committer Neil Conway <neilc@samurai.com>
Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y

index b3a86236e5ad50cebbd7d7209aa4a44bcea87f3d..725f12f1d32c7e91a167d7aa0ebb9d76579b13ed 100644 (file)
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
   *                       procedural language
   *
   * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.1 2002/05/21 18:50:18 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.2 2005/01/27 01:52:34 neilc Exp $
   *
   *   This software is copyrighted by Jan Wieck - Hamburg.
   *
@@ -476,6 +476,10 @@ decl_cursor_arglist : decl_cursor_arg
                     {
                         int i = $1->nfields++;
  
+                       /* Guard against overflowing the array on malicious input */
+                       if (i >= 1024)
+                           yyerror("too many parameters specified for refcursor");
+
                         $1->fieldnames[i] = $3->refname;
                         $1->varnos[i] = $3->varno;
author	Neil Conway <neilc@samurai.com>
	Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)
committer	Neil Conway <neilc@samurai.com>
	Thu, 27 Jan 2005 01:52:34 +0000 (01:52 +0000)