database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-24 00:23:06 +03:00
Code Activity

Ensure cached plans are correctly marked as dependent on role.

Browse Source 
If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
This commit is contained in:
Nathan Bossart
2024-11-11 09:00:00 -06:00
parent b7e3a52a87
commit cd7ab57532
5 changed files with 226 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/tools/pgindent/typedefs.list
View File

@@ -3473,6 +3473,7 @@ fill_string_relopt
finalize_primnode_context
find_dependent_phvs_context
find_expr_references_context
fireRIRonSubLink_context
fix_join_expr_context
fix_scan_expr_context
fix_upper_expr_context