| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit. We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a security
issue. Nonetheless it seems prudent to forestall any risk by using
strlcpy() and similar functions.
Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.
In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass. The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode"). This ideally should've been a separate commit, but
since it touches code adjacent to one of the buffer overrun changes,
I included it in this commit to avoid last-minute merge issues.
This issue was reported by Honza Horak.
Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
|
|
While working on most platforms the old way sometimes created alignment
problems. This should fix it. Also the regresion tests were updated to test for
the reported case.
Report and fix by MauMau <maumau307@gmail.com>
Conflicts:
src/interfaces/ecpg/preproc/type.c
src/interfaces/ecpg/test/expected/sql-desc.c
|
|
variables is varchar. This fixes this test case:
int main(void)
{
exec sql begin declare section;
varchar a[50], b[50];
exec sql end declare section;
return 0;
}
Since varchars are internally turned into custom structs and
the type name is emitted for these variable declarations,
the preprocessed code previously had:
struct varchar_1 { ... } a _,_ struct varchar_2 { ... } b ;
The comma in the generated C file was a syntax error.
There are no regression test changes since it's not exercised.
Patch by Boszormenyi Zoltan <zb@cybertec.at>
Conflicts:
src/interfaces/ecpg/preproc/ecpg.trailer
|
|
|
|
statements.
|
|
|
|
array datatype which of course is wrong.
Applied patch by Muhammad Usama <m.usama@gmail.com> to fix this.
|
|
|
|
|
|
|
|
Ever since we introduced real prepared statements this should work for
different connections. The old solution just emulating prepared statements,
though, wasn't able to handle this.
Closes: #6309
|
|
|
|
|
|
|
|
|
|
|
|
backported from HEAD.
|
|
|
|
comment.
|
|
list, minus a few specific words that have to be treated specially. This
replaces a hard-wired list of keywords that would have needed manual
maintenance, and was not getting it. The 8.4 coding was already missing
these words, causing ecpg to incorrectly treat them as reserved words:
CALLED, CATALOG, DEFINER, ENUM, FOLLOWING, INVOKER, OPTIONS, PARTITION,
PRECEDING, RANGE, SECURITY, SERVER, UNBOUNDED, WRAPPER. In HEAD we were
additionally missing COMMENTS, FUNCTIONS, SEQUENCES, TABLES.
Per gripe from Bosco Rama.
|
|
It seems the flex developers have decided to change yyleng from int to size_t.
This has already happened in the latest release of OS X, and will start
happening elsewhere once the next release of flex appears. Rather than trying
to divine how it's declared in any particular build, let's just remove the one
existing not-very-necessary external usage.
Back-patch to all supported branches; not so much because users in the field
are likely to care about building old branches with cutting-edge flex, as
to keep OSX-based buildfarm members from having problems with old branches.
|
|
|
|
File that are translated less than 80% have been removed, as per new
translation team policy.
|
|
provided by Andrew.
|
|
|
|
__attribute__() marker so that gcc can validate the format string against
the actual arguments, get rid of overcomplicated and unsafe usage in
base_yyerror().
|
|
|
|
|
|
LC_COLLATE and LC_CTYPE, per discussion on pgsql-hackers.
|
|
In the backend, I changed only a handful of exemplary or important-looking
instances to make use of the plural support; there is probably more work
there. For the rest of the source, this should cover all relevant cases.
|
|
|
|
kwlist.h, to avoid having to link the backend object file into other programs
like pg_dump. We can now simply symlink a single source file from the backend
(kwlookup.c, containing the shared routine ScanKeywordLookup) and compile it
locally, which is a lot cleaner.
|
|
help of pg_dump and pg_dumpall more similar.
|
|
|
|
|
|
|
|
|
|
|
|
preprocessor and the library. This is useful for a number of reasons:
* The preprocessor and the library are in some cases installed in separate
packages and used by different classes of users.
* The library MO files need a different versioning scheme to account for the
soname.
* The makefiles are simpler, more robust, and easier to maintain this way.
(NLS web site was prone to break everytime a build rule changes.)
* Translators might choose to focus on the ecpglib, because that is more
user-facing.
* There was virtually no overlap, so nothing is lost.
|
|
|
|
|
|
|
|
to the gettext domain name, to simplify parallel installations.
Also, rename set_text_domain() to pg_bindtextdomain(), because that is what
it does.
|
|
|
|
|
|
|
|
|
|
|
|
|
