database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-11 10:01:57 +03:00
Code Activity

Prevent privilege escalation in explicit calls to PL validators.

Browse Source 
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
This commit is contained in:
Noah Misch
2014-02-17 09:33:31 -05:00
parent 15a8f97b9d
commit 1d701d28a7
8 changed files with 109 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pl/plperl/plperl.c
View File

@ -1847,6 +1847,9 @@ plperl_validator(PG_FUNCTION_ARGS)
bool istrigger = false;
int i;
if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid))
PG_RETURN_VOID();
/* Get the new function's pg_proc entry */
tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid));
if (!HeapTupleIsValid(tuple))
@ -1926,6 +1929,7 @@ PG_FUNCTION_INFO_V1(plperlu_validator);
Datum
plperlu_validator(PG_FUNCTION_ARGS)
{
/* call plperl validator with our fcinfo so it gets our oid */
return plperl_validator(fcinfo);
}