1berry/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adjust datetime parsing to be more robust. We now pass the length of the

Browse Source 
working buffer into ParseDateTime() and reject too-long input there,
rather than checking the length of the input string before calling
ParseDateTime(). The old method was bogus because ParseDateTime() can use
a variable amount of working space, depending on the content of the
input string (e.g. how many fields need to be NUL terminated). This fixes
a minor stack overrun -- I don't _think_ it's exploitable, although I
won't claim to be an expert.

Along the way, fix a bug reported by Mark Dilger: the working buffer
allocated by interval_in() was too short, which resulted in rejecting
some perfectly valid interval input values. I added a regression test for
this fix.
This commit is contained in:
Neil Conway 2005-05-26 02:14:32 +00:00
parent d1d5c0fe2e
commit ab82f60119
7 changed files with 86 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/backend/utils/adt/date.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.93.2.2 2005/04/23 22:53:44 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/date.c,v 1.93.2.3 2005/05/26 02:14:31 neilc Exp $
*
*-------------------------------------------------------------------------
*/
@ -65,12 +65,10 @@ date_in(PG_FUNCTION_ARGS)
int dterr;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char workbuf[MAXDATELEN + 1];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tzp);
if (dterr != 0)
@ -558,15 +556,13 @@ time_in(PG_FUNCTION_ARGS)
int tz;
int nf;
int dterr;
char lowstr[MAXDATELEN + 1];
char workbuf[MAXDATELEN + 1];
char *field[MAXDATEFIELDS];
int dtype;
int ftype[MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz);
if (dterr != 0)
@ -1422,15 +1418,13 @@ timetz_in(PG_FUNCTION_ARGS)
int tz;
int nf;
int dterr;
char lowstr[MAXDATELEN + 1];
char workbuf[MAXDATELEN + 1];
char *field[MAXDATEFIELDS];
int dtype;
int ftype[MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeTimeOnly(field, ftype, nf, &dtype, tm, &fsec, &tz);
if (dterr != 0)

77
src/backend/utils/adt/datetime.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/datetime.c,v 1.118.2.5 2005/04/20 17:15:09 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/datetime.c,v 1.118.2.6 2005/05/26 02:14:31 neilc Exp $
*
*-------------------------------------------------------------------------
*/
@ -696,21 +696,23 @@ TrimTrailingZeros(char *str)
}
}
/* ParseDateTime()
* Break string into tokens based on a date/time context.
* Returns 0 if successful, DTERR code if bogus input detected.
*
* timestr - the input string
* lowstr - workspace for field string storage (must be large enough for
* a copy of the input string, including trailing null)
* workbuf - workspace for field string storage. This must be
* larger than the largest legal input for this datetime type --
* some additional space will be needed to NUL terminate fields.
* buflen - the size of workbuf
* field[] - pointers to field strings are returned in this array
* ftype[] - field type indicators are returned in this array
* maxfields - dimensions of the above two arrays
* *numfields - set to the actual number of fields detected
*
* The fields extracted from the input are stored as separate, null-terminated
* strings in the workspace at lowstr. Any text is converted to lower case.
* The fields extracted from the input are stored as separate,
* null-terminated strings in the workspace at workbuf. Any text is
* converted to lower case.
*
* Several field types are assigned:
* DTK_NUMBER - digits and (possibly) a decimal point
@ -726,12 +728,27 @@ TrimTrailingZeros(char *str)
* DTK_DATE can hold Posix time zones (GMT-8)
*/
int
ParseDateTime(const char *timestr, char *lowstr,
ParseDateTime(const char *timestr, char *workbuf, size_t buflen,
char **field, int *ftype, int maxfields, int *numfields)
{
int nf = 0;
const char *cp = timestr;
char *lp = lowstr;
char *bufp = workbuf;
const char *bufend = workbuf + buflen;
/*
* Set the character pointed-to by "bufptr" to "newchar", and
* increment "bufptr". "end" gives the end of the buffer -- we
* return an error if there is no space left to append a character
* to the buffer. Note that "bufptr" is evaluated twice.
*/
#define APPEND_CHAR(bufptr, end, newchar) \
do \
{ \
if (((bufptr) + 1) >= (end)) \
return DTERR_BAD_FORMAT; \
*(bufptr)++ = newchar; \
} while (0)
/* outer loop through fields */
while (*cp != '\0')
@ -746,23 +763,23 @@ ParseDateTime(const char *timestr, char *lowstr,
/* Record start of current field */
if (nf >= maxfields)
return DTERR_BAD_FORMAT;
field[nf] = lp;
field[nf] = bufp;
/* leading digit? then date or time */
if (isdigit((unsigned char) *cp))
{
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
/* time field? */
if (*cp == ':')
{
ftype[nf] = DTK_TIME;
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp) ||
(*cp == ':') || (*cp == '.'))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
}
/* date field? allow embedded text month */
else if ((*cp == '-') || (*cp == '/') || (*cp == '.'))
@ -770,13 +787,13 @@ ParseDateTime(const char *timestr, char *lowstr,
/* save delimiting character to use later */
char delim = *cp;
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
/* second field is all digits? then no embedded text month */
if (isdigit((unsigned char) *cp))
{
ftype[nf] = ((delim == '.') ? DTK_NUMBER : DTK_DATE);
while (isdigit((unsigned char) *cp))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
/*
* insist that the delimiters match to get a
@ -785,16 +802,16 @@ ParseDateTime(const char *timestr, char *lowstr,
if (*cp == delim)
{
ftype[nf] = DTK_DATE;
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp) || (*cp == delim))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
}
}
else
{
ftype[nf] = DTK_DATE;
while (isalnum((unsigned char) *cp) || (*cp == delim))
*lp++ = tolower((unsigned char) *cp++);
APPEND_CHAR(bufp, bufend, tolower((unsigned char) *cp++));
}
}
@ -808,9 +825,9 @@ ParseDateTime(const char *timestr, char *lowstr,
/* Leading decimal point? Then fractional seconds... */
else if (*cp == '.')
{
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
ftype[nf] = DTK_NUMBER;
}
@ -822,9 +839,9 @@ ParseDateTime(const char *timestr, char *lowstr,
else if (isalpha((unsigned char) *cp))
{
ftype[nf] = DTK_STRING;
*lp++ = tolower((unsigned char) *cp++);
APPEND_CHAR(bufp, bufend, tolower((unsigned char) *cp++));
while (isalpha((unsigned char) *cp))
*lp++ = tolower((unsigned char) *cp++);
APPEND_CHAR(bufp, bufend, tolower((unsigned char) *cp++));
/*
* Full date string with leading text month? Could also be a
@ -835,15 +852,15 @@ ParseDateTime(const char *timestr, char *lowstr,
char delim = *cp;
ftype[nf] = DTK_DATE;
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp) || (*cp == delim))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
}
}
/* sign? then special or numeric timezone */
else if ((*cp == '+') || (*cp == '-'))
{
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
/* soak up leading whitespace */
while (isspace((unsigned char) *cp))
cp++;
@ -851,18 +868,18 @@ ParseDateTime(const char *timestr, char *lowstr,
if (isdigit((unsigned char) *cp))
{
ftype[nf] = DTK_TZ;
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
while (isdigit((unsigned char) *cp) ||
(*cp == ':') || (*cp == '.'))
*lp++ = *cp++;
APPEND_CHAR(bufp, bufend, *cp++);
}
/* special? */
else if (isalpha((unsigned char) *cp))
{
ftype[nf] = DTK_SPECIAL;
*lp++ = tolower((unsigned char) *cp++);
APPEND_CHAR(bufp, bufend, tolower((unsigned char) *cp++));
while (isalpha((unsigned char) *cp))
*lp++ = tolower((unsigned char) *cp++);
APPEND_CHAR(bufp, bufend, tolower((unsigned char) *cp++));
}
/* otherwise something wrong... */
else
@ -879,7 +896,7 @@ ParseDateTime(const char *timestr, char *lowstr,
return DTERR_BAD_FORMAT;
/* force in a delimiter after each field */
*lp++ = '\0';
*bufp++ = '\0';
nf++;
}

18
src/backend/utils/adt/nabstime.c
View File

@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.117.2.1 2004/05/05 17:28:57 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/nabstime.c,v 1.117.2.2 2005/05/26 02:14:31 neilc Exp $
*
*-------------------------------------------------------------------------
*/
@ -366,15 +366,13 @@ abstimein(PG_FUNCTION_ARGS)
*tm = &date;
int dterr;
char *field[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char workbuf[MAXDATELEN + 1];
int dtype;
int nf,
ftype[MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz);
if (dterr != 0)
@ -771,12 +769,10 @@ reltimein(PG_FUNCTION_ARGS)
char *field[MAXDATEFIELDS];
int nf,
ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + 1];
char workbuf[MAXDATELEN + 1];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeInterval(field, ftype, nf, &dtype, tm, &fsec);
if (dterr != 0)

26
src/backend/utils/adt/timestamp.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.96.2.2 2004/12/01 19:57:56 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/timestamp.c,v 1.96.2.3 2005/05/26 02:14:31 neilc Exp $
*
*-------------------------------------------------------------------------
*/
@ -79,12 +79,10 @@ timestamp_in(PG_FUNCTION_ARGS)
int dterr;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
char workbuf[MAXDATELEN + MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz);
if (dterr != 0)
@ -305,12 +303,10 @@ timestamptz_in(PG_FUNCTION_ARGS)
int dterr;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
char workbuf[MAXDATELEN + MAXDATEFIELDS];
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf),
field, ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, &tz);
if (dterr != 0)
@ -464,7 +460,7 @@ interval_in(PG_FUNCTION_ARGS)
int dterr;
char *field[MAXDATEFIELDS];
int ftype[MAXDATEFIELDS];
char lowstr[MAXDATELEN + MAXDATEFIELDS];
char workbuf[256];
tm->tm_year = 0;
tm->tm_mon = 0;
@ -474,10 +470,8 @@ interval_in(PG_FUNCTION_ARGS)
tm->tm_sec = 0;
fsec = 0;
if (strlen(str) >= sizeof(lowstr))
dterr = DTERR_BAD_FORMAT;
else
dterr = ParseDateTime(str, lowstr, field, ftype, MAXDATEFIELDS, &nf);
dterr = ParseDateTime(str, workbuf, sizeof(workbuf), field,
ftype, MAXDATEFIELDS, &nf);
if (dterr == 0)
dterr = DecodeInterval(field, ftype, nf, &dtype, tm, &fsec);
if (dterr != 0)

4
src/include/utils/datetime.h
View File

@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: datetime.h,v 1.45 2003/08/27 23:29:29 tgl Exp $
* $Id: datetime.h,v 1.45.2.1 2005/05/26 02:14:32 neilc Exp $
*
*-------------------------------------------------------------------------
*/
@ -294,7 +294,7 @@ extern void GetCurrentTimeUsec(struct tm * tm, fsec_t *fsec, int *tzp);
extern void j2date(int jd, int *year, int *month, int *day);
extern int date2j(int year, int month, int day);
extern int ParseDateTime(const char *timestr, char *lowstr,
extern int ParseDateTime(const char *timestr, char *workbuf, size_t buflen,
char **field, int *ftype,
int maxfields, int *numfields);
extern int DecodeDateTime(char **field, int *ftype,

7
src/test/regress/expected/interval.out
View File

@ -221,3 +221,10 @@ select avg(f1) from interval_tbl;
@ 4 years 1 mon 10 days 4 hours 18 mins 23 secs
(1 row)
-- test long interval input
select '4 millenniums 5 centuries 4 decades 1 year 4 months 4 days 17 minutes 31 seconds'::interval;
interval
--------------------------------------------
@ 4541 years 4 mons 4 days 17 mins 31 secs
(1 row)

3
src/test/regress/sql/interval.sql
View File

@ -66,3 +66,6 @@ SELECT '' AS ten, INTERVAL_TBL.*;
-- updating pg_aggregate.agginitval
select avg(f1) from interval_tbl;
-- test long interval input
select '4 millenniums 5 centuries 4 decades 1 year 4 months 4 days 17 minutes 31 seconds'::interval;