diff options
| author | Noah Misch <noah@leadboat.com> | 2013-06-12 19:49:50 -0400 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2013-06-12 19:49:50 -0400 |
| commit | ff53890f687c7f6b2a10db6661e9c32faf832636 (patch) | |
| tree | bd1bd5221cc815a5c0169f593292cf81f44542b4 /src | |
| parent | dc3eb5638349e74a6628130a5101ce866455f4a3 (diff) | |
| download | postgresql-ff53890f687c7f6b2a10db6661e9c32faf832636.tar.gz postgresql-ff53890f687c7f6b2a10db6661e9c32faf832636.zip | |
Don't use ordinary NULL-terminated strings as Name datums.
Consumers are entitled to read the full 64 bytes pertaining to a Name;
using a shorter NULL-terminated string leads to reading beyond the end
its allocation; a SIGSEGV is possible. Use the frequent idiom of
copying to a NameData on the stack. New in 9.3, so no back-patch.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/commands/alter.c | 4 | ||||
| -rw-r--r-- | src/backend/commands/event_trigger.c | 8 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c index 178c97949dc..bb6c1a46606 100644 --- a/src/backend/commands/alter.c +++ b/src/backend/commands/alter.c @@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) Datum *values; bool *nulls; bool *replaces; + NameData nameattrdata; oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId)); if (!HeapTupleIsValid(oldtup)) @@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name) values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum)); nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool)); - values[Anum_name - 1] = PointerGetDatum(new_name); + namestrcpy(&nameattrdata, new_name); + values[Anum_name - 1] = NameGetDatum(&nameattrdata); replaces[Anum_name - 1] = true; newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel), values, nulls, replaces); diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c index a0f97e460e6..328e2a89524 100644 --- a/src/backend/commands/event_trigger.c +++ b/src/backend/commands/event_trigger.c @@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner, HeapTuple tuple; Datum values[Natts_pg_trigger]; bool nulls[Natts_pg_trigger]; + NameData evtnamedata, + evteventdata; ObjectAddress myself, referenced; @@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner, /* Build the new pg_trigger tuple. */ memset(nulls, false, sizeof(nulls)); - values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname); - values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname); + namestrcpy(&evtnamedata, trigname); + values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata); + namestrcpy(&evteventdata, eventname); + values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata); values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner); values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid); values[Anum_pg_event_trigger_evtenabled - 1] = |