Convert newlines to spaces in names written in v11+ pg_dump comments.
Maliciously-crafted object names could achieve SQL injection during
restore. CVE-2012-0868 fixed this class of problem at the time, but
later work reintroduced three cases. Commit
bc8cd50fefd369b217f80078585c486505aafb62 (back-patched to v11+ in
2023-05 releases) introduced the pg_dump case. Commit
6cbdbd9e8d8f2986fde44f2431ed8d0c8fce7f5d (v12+) introduced the two
pg_dumpall cases. Move sanitize_line(), unchanged, to dumputils.c so
pg_dumpall has access to it in all supported versions. Back-patch to
v13 (all supported versions).
Reviewed-by: Robert Haas <robertmhaas@gmail.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 13
Security: CVE-2025-8715
Branch
------
REL_16_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/850caae60c49c15ed021f8051dc39c6e24f2a380
Modified Files
--------------
src/bin/pg_dump/dumputils.c | 37 ++++++++++++++++++++++++++++
src/bin/pg_dump/dumputils.h | 1 +
src/bin/pg_dump/pg_backup_archiver.c | 37 ----------------------------
src/bin/pg_dump/pg_dump.c | 5 +++-
src/bin/pg_dump/pg_dumpall.c | 13 ++++++++--
src/bin/pg_dump/t/002_pg_dump.pl | 21 ++++++++++++++++
src/bin/pg_dump/t/003_pg_dump_with_server.pl | 17 ++++++++++++-
7 files changed, 90 insertions(+), 41 deletions(-)
