Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite7370ba

Browse files
committed
Fix xslt_process() to ensure that it inserts a NULL terminator after the
last pair of parameter name/value strings, even when there are MAXPARAMSof them. Aboriginal bug in contrib/xml2, noted while studying bug #4912(though I'm not sure whether there's something else involved in thatreport).This might be thought a security issue, since it's a potential backendcrash; but considering that untrustworthy users shouldn't be allowedto get their hands on xslt_process() anyway, it's probably not worthgetting excited about.
1 parentb11ce56 commite7370ba

File tree

1 file changed

+12
-8
lines changed

1 file changed

+12
-8
lines changed

‎contrib/xml2/xslt_proc.c

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* $PostgreSQL: pgsql/contrib/xml2/xslt_proc.c,v 1.15 2009/06/11 14:48:53 momjian Exp $
2+
* $PostgreSQL: pgsql/contrib/xml2/xslt_proc.c,v 1.16 2009/07/10 00:32:00 tgl Exp $
33
*
44
* XSLT processing functions (requiring libxslt)
55
*
@@ -38,7 +38,8 @@ static void parse_params(const char **params, text *paramstr);
3838
Datumxslt_process(PG_FUNCTION_ARGS);
3939

4040

41-
#defineMAXPARAMS 20
41+
#defineMAXPARAMS 20/* must be even, see parse_params() */
42+
4243

4344
PG_FUNCTION_INFO_V1(xslt_process);
4445

@@ -129,12 +130,11 @@ xslt_process(PG_FUNCTION_ARGS)
129130
}
130131

131132

132-
void
133+
staticvoid
133134
parse_params(constchar**params,text*paramstr)
134135
{
135136
char*pos;
136137
char*pstr;
137-
138138
inti;
139139
char*nvsep="=";
140140
char*itsep=",";
@@ -154,11 +154,13 @@ parse_params(const char **params, text *paramstr)
154154
}
155155
else
156156
{
157-
params[i]=NULL;
157+
/* No equal sign, so ignore this "parameter" */
158+
/* We'll reset params[i] to NULL below the loop */
158159
break;
159160
}
160161
/* Value */
161162
i++;
163+
/* since MAXPARAMS is even, we still have i < MAXPARAMS */
162164
params[i]=pos;
163165
pos=strstr(pos,itsep);
164166
if (pos!=NULL)
@@ -167,9 +169,11 @@ parse_params(const char **params, text *paramstr)
167169
pos++;
168170
}
169171
else
172+
{
173+
i++;
170174
break;
171-
175+
}
172176
}
173-
if (i<MAXPARAMS)
174-
params[i+1]=NULL;
177+
178+
params[i]=NULL;
175179
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp