upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-06-24 16:09:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/contrib/spi
History
Nathan Bossart 2dc64ef28b refint: Fix SQL injection and buffer overruns. 
Maliciously crafted key value updates could achieve SQL injection
within check_foreign_key().  To fix, ensure new key values are
properly quoted and escaped in the internally generated SQL
statements.  While at it, avoid potential buffer overruns by
replacing the stack buffers for internally generated SQL statements
with StringInfo.

Reported-by: Nikolay Samokhvalov <nik@postgres.ai>
Author: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Fujii Masao <masao.fujii@gmail.com>
Security: CVE-2026-6637
Backpatch-through: 14
2026-05-11 05:13:49 -07:00
..
autoinc--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
autoinc.c Use wrappers of PG_DETOAST_DATUM_PACKED() more. 2017-03-12 19:35:34 -04:00
autoinc.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
autoinc.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
insert_username--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
insert_username.c Replace uses of SPI_modifytuple that intend to allocate in current context. 2016-11-08 15:36:44 -05:00
insert_username.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
insert_username.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
Makefile Remove support for upgrading extensions from "unpackaged" state. 2020-02-19 16:59:14 -05:00
meson.build Update copyright for 2024 2024-01-03 20:49:05 -05:00
moddatetime--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
moddatetime.c Make the order of the header file includes consistent in contrib modules. 2019-10-24 08:05:34 +05:30
moddatetime.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
moddatetime.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
refint--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
refint.c refint: Fix SQL injection and buffer overruns. 2026-05-11 05:13:49 -07:00
refint.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
refint.example Fix inconsistencies and typos in the tree, take 10 2019-08-13 13:53:41 +09:00