From 11c6621cb5e7fd88c084d69472323f3fa5d8c8e7 Mon Sep 17 00:00:00 2001 From: Palle Girgensohn Date: Sun, 20 Feb 2005 05:38:24 +0000 Subject: Fixing problems with the recent security patch: When bison was not installed, the patched gram.y file would not be used and the security patch would be a no-op. Also, I've had reports of compilation errors related to bison. Since checking for the correct version of bison is hard and error prone, I'm doing what the postgresql distribution does - patching the yacc:ed .c file to get rid of the building dependency. Bumping portrevision of -server. Pointy hat to: me Noticed by: Mike Harding and others Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (implicit)
---
.../files/patch-src-pl-plpgsql-src-pl-gram-c | 91 ++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 databases/postgresql81-server/files/patch-src-pl-plpgsql-src-pl-gram-c (limited to 'databases/postgresql81-server/files')
diff --git a/databases/postgresql81-server/files/patch-src-pl-plpgsql-src-pl-gram-c b/databases/postgresql81-server/files/patch-src-pl-plpgsql-src-pl-gram-c
new file mode 100644
index 000000000000..e4cb940fda72
--- /dev/null
+++ b/databases/postgresql81-server/files/patch-src-pl-plpgsql-src-pl-gram-c
@@ -0,0 +1,91 @@
+--- /opt/portbuild/tmp/opt/ports/databases/postgresql80-server/work/postgresql-8.0.1/src/pl/plpgsql/src/pl_gram.c Mon Jan 31 02:41:48 2005
++++ src/pl/plpgsql/src/pl_gram.c Sun Feb 20 02:19:34 2005
+@@ -191,7 +191,7 @@
+ * procedural language
+ *
+ * IDENTIFICATION
+- * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.1 2005/01/21 00:17:02 neilc Exp $
++ * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.2 2005/02/07 03:52:22 neilc Exp $
+ *
+ * This software is copyrighted by Jan Wieck - Hamburg.
+ *
+@@ -3426,8 +3412,19 @@
+ errmsg("missing \"%s\" at end of SQL statement",
+ expected)));
+ }
++
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = lno;
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -3600,6 +3597,15 @@
+ 
+ while ((tok = plpgsql_yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = plpgsql_yylex();
+ switch(tok)
+ {
+@@ -3650,6 +3656,16 @@
+ 
+ if (plpgsql_SpaceScanned)
+ plpgsql_dstring_append(&ds, " ");
++
++ /* Check for array overflow */
++ if (nparams >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many variables specified in SQL statement")));
++ }
++
+ switch (tok)
+ {
+ case T_SCALAR:
+@@ -3745,6 +3761,15 @@
+ 
+ while ((tok = plpgsql_yylex()) == ',')
+ {
++ /* Check for array overflow */
++ if (nfields >= 1024)
++ {
++ plpgsql_error_lineno = plpgsql_scanner_lineno();
++ ereport(ERROR,
++ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
++ errmsg("too many INTO variables specified")));
++ }
++
+ tok = plpgsql_yylex();
+ switch(tok)
+ {
+--- src/pl/plpgsql/src/pl.tab.h.orig Sun Feb 20 06:27:24 2005
++++ src/pl/plpgsql/src/pl.tab.h Sun Feb 20 06:27:34 2005
+@@ -209,7 +209,7 @@
+ PLpgSQL_exceptions *exceptions;
+ PLpgSQL_nsitem *nsitem;
+ } PLPGSQL_YYSTYPE;
+-/* Line 1248 of yacc.c. */
++/* Line 1238 of yacc.c. */
+ #line 213 "y.tab.h"
+ # define plpgsql_yystype PLPGSQL_YYSTYPE /* obsolescent; will be withdrawn */
+ # define PLPGSQL_YYSTYPE_IS_DECLARED 1
-- cgit v1.2.3
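Review bot: The four added guards (`nparams >= 1024` in the inner hunks at -3426 and -3650, `nfields >= 1024` at -3600 and -3745) repeat a literal limit while the arrays they protect are declared outside every hunk, so the bound and the real array size can drift apart unnoticed. If those arrays are fixed-size locals, taking the bound from the declaration, e.g. `if (nparams >= lengthof(params))` (array name assumed, not visible here), or from one shared constant would keep them in step. Because the fix now lives in the generated pl_gram.c, it is lost again if the build ever reruns bison over an unpatched gram.y, so it is worth confirming the port cannot regenerate that file. The inner hunk offsets also do not add up (`-3426,8 +3412,19` follows a hunk that adds no lines), which suggests hand-trimmed hunks that apply only by offset; a post-patch check that `too many INTO variables specified` is present in pl_gram.c would catch a silent miss. The pl.tab.h hunk changes only the `/* Line 1238 of yacc.c. */` comment and could be dropped.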