Commit dd96d13

Add range checks to time_recv() and timetz_recv(), to prevent binary input
of time values that would not be accepted via textual input.

Per gripe from Andrew McNamara.

This is potentially a back-patchable bug fix, but for the moment it doesn't
seem sufficiently high impact to justify doing that.

1 parent c3707a4 commit dd96d13

1 file changed: +29 -1 lines changed

‎src/backend/utils/adt/date.c

Lines changed: 29 additions & 1 deletion
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/utils/adt/date.c,v 1.144 2009/01/01 17:23:49 momjian Exp $
11+
* $PostgreSQL: pgsql/src/backend/utils/adt/date.c,v 1.145 2009/05/26 01:29:09 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -1088,8 +1088,18 @@ time_recv(PG_FUNCTION_ARGS)
10881088

10891089
#ifdefHAVE_INT64_TIMESTAMP
10901090
result=pq_getmsgint64(buf);
1091+
1092+
if (result<INT64CONST(0)||result>USECS_PER_DAY)
1093+
ereport(ERROR,
1094+
(errcode(ERRCODE_DATETIME_VALUE_OUT_OF_RANGE),
1095+
errmsg("time out of range")));
10911096
#else
10921097
result=pq_getmsgfloat8(buf);
1098+
1099+
if (result<0||result> (double)SECS_PER_DAY)
1100+
ereport(ERROR,
1101+
(errcode(ERRCODE_DATETIME_VALUE_OUT_OF_RANGE),
1102+
errmsg("time out of range")));
10931103
#endif
10941104

10951105
AdjustTimeForTypmod(&result,typmod);
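Review bot: In the #else branch of time_recv(), the test `result<0||result> (double)SECS_PER_DAY` is false for NaN, since both comparisons against NaN evaluate to false, so a NaN float8 returned by pq_getmsgfloat8() passes the range check. Writing the condition as a negated in-range test, `!(result >= 0 && result <= (double) SECS_PER_DAY)`, rejects it. Both branches also accept a value exactly equal to one full day (`>` rather than `>=`); if that is deliberate, to match what textual input accepts, a one-line comment saying so would help, in the same way the zone check in timetz_recv() documents its limit.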
@@ -1853,11 +1863,29 @@ timetz_recv(PG_FUNCTION_ARGS)
18531863

18541864
#ifdefHAVE_INT64_TIMESTAMP
18551865
result->time=pq_getmsgint64(buf);
1866+
1867+
if (result->time<INT64CONST(0)||result->time>USECS_PER_DAY)
1868+
ereport(ERROR,
1869+
(errcode(ERRCODE_DATETIME_VALUE_OUT_OF_RANGE),
1870+
errmsg("time out of range")));
18561871
#else
18571872
result->time=pq_getmsgfloat8(buf);
1873+
1874+
if (result->time<0||result->time> (double)SECS_PER_DAY)
1875+
ereport(ERROR,
1876+
(errcode(ERRCODE_DATETIME_VALUE_OUT_OF_RANGE),
1877+
errmsg("time out of range")));
18581878
#endif
1879+
18591880
result->zone=pq_getmsgint(buf,sizeof(result->zone));
18601881

1882+
/* we allow GMT displacements up to 14:59:59, cf DecodeTimezone() */
1883+
if (result->zone <=-15*SECS_PER_HOUR||
1884+
result->zone >=15*SECS_PER_HOUR)
1885+
ereport(ERROR,
1886+
(errcode(ERRCODE_INVALID_TIME_ZONE_DISPLACEMENT_VALUE),
1887+
errmsg("time zone displacement out of range")));
1888+
18611889
AdjustTimeForTypmod(&(result->time),typmod);
18621890

18631891
PG_RETURN_TIMETZADT_P(result);
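Review bot: The zone check in timetz_recv() hardcodes `15*SECS_PER_HOUR` and is tied to DecodeTimezone() only through the comment, so the binary and textual limits can drift apart; a shared macro for the maximum displacement, referenced from both places, would keep them in sync. The time range test here is also a verbatim copy of the one in time_recv(), including the float branch where a NaN satisfies neither comparison and is accepted; a small helper called from both receive functions would let that be fixed in one place.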
