From c7cc9b7d408063c04482efb6bdd3c822fc3455ce Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Wed, 25 Apr 2018 18:50:29 -0700 Subject: [PATCH] Correct pg_recvlogical server version test. The predecessor test boiled down to "PQserverVersion(NULL) >= 100000", which is always false. No release includes that, so it could not have reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the predecessor in commit 8d2814f274def85f39fbe997d454b01628cb5667. Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com --- src/bin/pg_basebackup/streamutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c index 42e0cb10821..7b60a070765 100644 --- a/src/bin/pg_basebackup/streamutil.c +++ b/src/bin/pg_basebackup/streamutil.c @@ -212,7 +212,7 @@ GetConnection(void) * 10, so the search path cannot be changed (by us or attackers) on * earlier versions. */ - if (dbname != NULL && PQserverVersion(conn) >= 100000) + if (dbname != NULL && PQserverVersion(tmpconn) >= 100000) { PGresult *res;