Reject out-of-range numeric timezone specifications.

In commit 631dc390f49909a5c8ebd6002cfb2bcee5415a9d, we started to handle
simple numeric timezone offsets via the zic library instead of the old
CTimeZone/HasCTZSet kluge.  However, we overlooked the fact that the zic
code will reject UTC offsets exceeding a week (which seems a bit arbitrary,
but not because it's too tight ...).  This led to possibly setting
session_timezone to NULL, which results in crashes in most timezone-related
operations as of 9.4, and crashes in a small number of places even before
that.  So check for NULL return from pg_tzset_offset() and report an
appropriate error message.  Per bug #11014 from Duncan Gillis.

Back-patch to all supported branches, like the previous patch.
(Unfortunately, as of today that no longer includes 8.4.)

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 26378da8279c4c50878e2ad3084676a5b9f3fe1e..74f5437f01c0f0914c34ce995905941b0b1ea4c5 100644 (file)
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -241,6 +241,8 @@ assign_timezone(const char *value, bool doit, GucSource source)
    char       *result;
    char       *endptr;
    double      hours;
+   int         new_ctimezone;
+   pg_tz      *new_tz;
 
    /*
     * Check for INTERVAL 'foo'
@@ -294,16 +296,28 @@ assign_timezone(const char *value, bool doit, GucSource source)
            pfree(interval);
            return NULL;
        }
-       if (doit)
-       {
-           /* Here we change from SQL to Unix sign convention */
+
+       /* Here we change from SQL to Unix sign convention */
 #ifdef HAVE_INT64_TIMESTAMP
-           CTimeZone = -(interval->time / USECS_PER_SEC);
+       new_ctimezone = -(interval->time / USECS_PER_SEC);
 #else
-           CTimeZone = -interval->time;
+       new_ctimezone = -interval->time;
 #endif
-           session_timezone = pg_tzset_offset(CTimeZone);
+       new_tz = pg_tzset_offset(new_ctimezone);
 
+       if (!new_tz)
+       {
+           ereport(GUC_complaint_elevel(source),
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("invalid interval value for time zone: out of range")));
+           pfree(interval);
+           return NULL;
+       }
+
+       if (doit)
+       {
+           CTimeZone = new_ctimezone;
+           session_timezone = new_tz;
            HasCTZSet = true;
        }
        pfree(interval);
@@ -316,11 +330,22 @@ assign_timezone(const char *value, bool doit, GucSource source)
        hours = strtod(value, &endptr);
        if (endptr != value && *endptr == '\0')
        {
+           /* Here we change from SQL to Unix sign convention */
+           new_ctimezone = -hours * SECS_PER_HOUR;
+           new_tz = pg_tzset_offset(new_ctimezone);
+
+           if (!new_tz)
+           {
+               ereport(GUC_complaint_elevel(source),
+                       (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                        errmsg("invalid value for time zone: out of range")));
+               return NULL;
+           }
+
            if (doit)
            {
-               /* Here we change from SQL to Unix sign convention */
-               CTimeZone = -hours * SECS_PER_HOUR;
-               session_timezone = pg_tzset_offset(CTimeZone);
+               CTimeZone = new_ctimezone;
+               session_timezone = new_tz;
                HasCTZSet = true;
            }
        }
@@ -352,8 +377,6 @@ assign_timezone(const char *value, bool doit, GucSource source)
            /*
             * Otherwise assume it is a timezone name, and try to load it.
             */
-           pg_tz      *new_tz;
-
            new_tz = pg_tzset(value);
 
            if (!new_tz)

diff --git a/src/timezone/pgtz.c b/src/timezone/pgtz.c
index 5c28c5c483d74f8968d893f37cc463d72c242764..de1832ab6d2d6a79d625aebfdb30a7b1b26ce4ab 100644 (file)
--- a/src/timezone/pgtz.c
+++ b/src/timezone/pgtz.c
@@ -1333,6 +1333,9 @@ pg_tzset(const char *name)
  * The GMT offset is specified in seconds, positive values meaning west of
  * Greenwich (ie, POSIX not ISO sign convention).  However, we use ISO
  * sign convention in the displayable abbreviation for the zone.
+ *
+ * Caution: this can fail (return NULL) if the specified offset is outside
+ * the range allowed by the zic library.
  */
 pg_tz *
 pg_tzset_offset(long gmtoffset)