postgresql

mirror of https://github.com/postgres/postgres.git synced 2026-03-09 17:50:43 -04:00

History

Alvaro Herrera bf78a6f107 Add missing checks to some of pageinspect's BRIN functions brin_page_type() and brin_metapage_info() did not enforce being called by superuser, like other pageinspect functions that take bytea do. Since they don't verify the passed page thoroughly, it is possible to use them to read the server memory with a carefully crafted bytea value, up to a file kilobytes from where the input bytea is located. Have them throw errors if called by a non-superuser. Report and initial patch: Andreas Seltenreich Security: CVE-2016-3065		2016-03-28 10:57:46 -03:00
..
brinfuncs.c	Add missing checks to some of pageinspect's BRIN functions	2016-03-28 10:57:46 -03:00
btreefuncs.c	Create function prototype as part of PG_FUNCTION_INFO_V1 macro	2014-04-18 00:03:19 -04:00
fsmfuncs.c	Update copyright for 2015	2015-01-06 11:43:47 -05:00
ginfuncs.c	pgindent run for 9.5	2015-05-23 21:35:49 -04:00
heapfuncs.c	Use FLEXIBLE_ARRAY_MEMBER for HeapTupleHeaderData.t_bits[].	2015-02-21 15:13:06 -05:00
Makefile	Add pageinspect functions for inspecting GIN indexes.	2014-11-21 11:58:07 +02:00
pageinspect--1.0--1.1.sql	Fix typos in some error messages thrown by extension scripts when fed to psql.	2014-08-25 18:30:37 +02:00
pageinspect--1.1--1.2.sql	Fix typos in some error messages thrown by extension scripts when fed to psql.	2014-08-25 18:30:37 +02:00
pageinspect--1.2--1.3.sql	pageinspect/BRIN: minor tweaks	2014-12-02 12:20:50 -03:00
pageinspect--1.3.sql	pageinspect/BRIN: minor tweaks	2014-12-02 12:20:50 -03:00
pageinspect--unpackaged--1.0.sql	Fix typos in some error messages thrown by extension scripts when fed to psql.	2014-08-25 18:30:37 +02:00
pageinspect.control	BRIN: Block Range Indexes	2014-11-07 16:38:14 -03:00
rawpage.c	Use FLEXIBLE_ARRAY_MEMBER in a bunch more places.	2015-02-20 00:11:42 -05:00