From 6412f3e2d09b562fafc129c134e7336c4fe790ed Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 21 Jul 2014 22:41:20 -0400
Subject: [PATCH] Reject out-of-range numeric timezone specifications.

In commit 631dc390f49909a5c8ebd6002cfb2bcee5415a9d, we started to handle
simple numeric timezone offsets via the zic library instead of the old
CTimeZone/HasCTZSet kluge.  However, we overlooked the fact that the zic
code will reject UTC offsets exceeding a week (which seems a bit arbitrary,
but not because it's too tight ...).  This led to possibly setting
session_timezone to NULL, which results in crashes in most timezone-related
operations as of 9.4, and crashes in a small number of places even before
that.  So check for NULL return from pg_tzset_offset() and report an
appropriate error message.  Per bug #11014 from Duncan Gillis.

Back-patch to all supported branches, like the previous patch.
(Unfortunately, as of today that no longer includes 8.4.)
---
 src/backend/commands/variable.c | 7 +++++++
 src/timezone/pgtz.c             | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index f299738d66b..40a991653d5 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -349,6 +349,13 @@ check_timezone(char **newval, void **extra, GucSource source)
 		}
 	}
 
+	/* Test for failure in pg_tzset_offset, which we assume is out-of-range */
+	if (!new_tz)
+	{
+		GUC_check_errdetail("UTC timezone offset is out of range.");
+		return false;
+	}
+
 	/*
 	 * Pass back data for assign_timezone to use
 	 */
diff --git a/src/timezone/pgtz.c b/src/timezone/pgtz.c
index 3bbe0a86b82..72aa409727d 100644
--- a/src/timezone/pgtz.c
+++ b/src/timezone/pgtz.c
@@ -296,6 +296,9 @@ pg_tzset(const char *name)
  * The GMT offset is specified in seconds, positive values meaning west of
  * Greenwich (ie, POSIX not ISO sign convention).  However, we use ISO
  * sign convention in the displayable abbreviation for the zone.
+ *
+ * Caution: this can fail (return NULL) if the specified offset is outside
+ * the range allowed by the zic library.
  */
 pg_tz *
 pg_tzset_offset(long gmtoffset)
-- 
GitLab