database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-01 21:31:19 +03:00
Code Activity

Fix pg_recvlogical for pre-10 versions

Browse Source 
In e170b8c8, protection against modified search_path was added. However,
PostgreSQL versions prior to 10 does not accept SQL commands over a
replication connection, so the protection would generate a syntax error.

Since we cannot run SQL commands on it, we are also not vulnerable to
the issue that e170b8c8 fixes, so we can just skip this command for
older versions.

Author: Michael Paquier <michael@paquier.xyz>
This commit is contained in:
Magnus Hagander
2018-03-18 13:08:25 +01:00
parent 092401b14f
commit af5fbb1286
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/bin/pg_basebackup/streamutil.c
View File

@@ -206,8 +206,13 @@ GetConnection(void)
if (conn_opts) if (conn_opts)
PQconninfoFree(conn_opts); PQconninfoFree(conn_opts);
/* Set always-secure search path, so malicious users can't get control. */ /*
if (dbname != NULL) * Set always-secure search path, so malicious users can't get control.
* The capacity to run normal SQL queries was added in PostgreSQL
* 10, so the search path cannot be changed (by us or attackers) on
* earlier versions.
*/
if (dbname != NULL && PQserverVersion(conn) >= 100000)
{ {
PGresult *res; PGresult *res;