mirror of
https://github.com/postgres/postgres.git
synced 2025-10-31 10:30:33 +03:00
254eb04f17
Due to simplistic quoting and confusion of database names with conninfo strings, roles with the CREATEDB or CREATEROLE option could escalate to superuser privileges when a superuser next ran certain maintenance commands. The new coding rule for PQconnectdbParams() calls, documented at conninfo_array_parse(), is to pass expand_dbname=true and wrap literal database names in a trivial connection string. Escape zero-length values in appendConnStrVal(). Back-patch to 9.1 (all supported versions). Nathan Bossart, Michael Paquier, and Noah Misch. Reviewed by Peter Eisentraut. Reported by Nathan Bossart. Security: CVE-2016-5424
82 lines
2.1 KiB
C
82 lines
2.1 KiB
C
/*
|
|
* dump.c
|
|
*
|
|
* dump functions
|
|
*
|
|
* Copyright (c) 2010-2014, PostgreSQL Global Development Group
|
|
* contrib/pg_upgrade/dump.c
|
|
*/
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
#include "pg_upgrade.h"
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
|
void
|
|
generate_old_dump(void)
|
|
{
|
|
int dbnum;
|
|
mode_t old_umask;
|
|
|
|
prep_status("Creating dump of global objects");
|
|
|
|
/* run new pg_dumpall binary for globals */
|
|
exec_prog(UTILITY_LOG_FILE, NULL, true,
|
|
"\"%s/pg_dumpall\" %s --globals-only --quote-all-identifiers "
|
|
"--binary-upgrade %s -f %s",
|
|
new_cluster.bindir, cluster_conn_opts(&old_cluster),
|
|
log_opts.verbose ? "--verbose" : "",
|
|
GLOBALS_DUMP_FILE);
|
|
check_ok();
|
|
|
|
prep_status("Creating dump of database schemas\n");
|
|
|
|
/*
|
|
* Set umask for this function, all functions it calls, and all
|
|
* subprocesses/threads it creates. We can't use fopen_priv() as Windows
|
|
* uses threads and umask is process-global.
|
|
*/
|
|
old_umask = umask(S_IRWXG | S_IRWXO);
|
|
|
|
/* create per-db dump files */
|
|
for (dbnum = 0; dbnum < old_cluster.dbarr.ndbs; dbnum++)
|
|
{
|
|
char sql_file_name[MAXPGPATH],
|
|
log_file_name[MAXPGPATH];
|
|
DbInfo *old_db = &old_cluster.dbarr.dbs[dbnum];
|
|
PQExpBufferData connstr,
|
|
escaped_connstr;
|
|
|
|
initPQExpBuffer(&connstr);
|
|
appendPQExpBuffer(&connstr, "dbname=");
|
|
appendConnStrVal(&connstr, old_db->db_name);
|
|
initPQExpBuffer(&escaped_connstr);
|
|
appendShellString(&escaped_connstr, connstr.data);
|
|
termPQExpBuffer(&connstr);
|
|
|
|
pg_log(PG_STATUS, "%s", old_db->db_name);
|
|
snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid);
|
|
snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid);
|
|
|
|
parallel_exec_prog(log_file_name, NULL,
|
|
"\"%s/pg_dump\" %s --schema-only --quote-all-identifiers "
|
|
"--binary-upgrade --format=custom %s --file=\"%s\" %s",
|
|
new_cluster.bindir, cluster_conn_opts(&old_cluster),
|
|
log_opts.verbose ? "--verbose" : "",
|
|
sql_file_name, escaped_connstr.data);
|
|
|
|
termPQExpBuffer(&escaped_connstr);
|
|
}
|
|
|
|
/* reap all children */
|
|
while (reap_child(true) == true)
|
|
;
|
|
|
|
umask(old_umask);
|
|
|
|
end_progress_output();
|
|
check_ok();
|
|
}
|