Home > mailing lists

pgsql: Further fixes to the pg_get_expr() security fix in back branches - Mailing list pgsql-committers

From	Tom Lane
Subject	pgsql: Further fixes to the pg_get_expr() security fix in back branches
Date	September 25, 2010 18:17:41
Msg-id	E1Ozc7h-0003NV-8D@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.

Branch
------
REL8_0_STABLE

Details
-------
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=46286d62092c2f97fdc68ff0ffa02739395340e9

Modified Files
--------------
src/backend/parser/parse_func.c |   80 +++++++++++++++++++++++++++------------
1 files changed, 56 insertions(+), 24 deletions(-)

pgsql-committers by date:

From: Alvaro Herrera
Date: 25 September 2010, 00:11:47
Subject: Re: pgsql: git_topo_order script, to match up commits across branches.

From: Tom Lane
Date: 25 September 2010, 18:17:42
Subject: pgsql: Further fixes to the pg_get_expr() security fix in back branches

pgsql: Further fixes to the pg_get_expr() security fix in back branches - Mailing list pgsql-committers

Previous

Next