postgresql/src/backend
Tom Lane c0c8807ded Make json{b}_populate_recordset() use the right tuple descriptor.
json{b}_populate_recordset() used the tuple descriptor created from the
query-level AS clause without worrying about whether it matched the actual
input record type.  If it didn't, that would usually result in a crash,
though disclosure of server memory contents seems possible as well, for a
skilled attacker capable of issuing crafted SQL commands.  Instead, use
the query-supplied descriptor only when there is no input tuple to look at,
and otherwise get a tuple descriptor based on the input tuple's own type
marking.  The core code will detect any type mismatch in the latter case.

Michael Paquier and Tom Lane, per a report from David Rowley.
Back-patch to 9.3 where this functionality was introduced.

Security: CVE-2017-15098
2017-11-06 10:29:42 -05:00
access Revert bogus fixes of HOT-freezing bug 2017-11-02 15:51:05 +01:00
bootstrap Protect against multixact members wraparound 2015-04-28 11:32:53 -03:00
catalog Rethink the dependencies recorded for FieldSelect/FieldStore nodes. 2017-10-27 12:18:57 -04:00
commands Revert bogus fixes of HOT-freezing bug 2017-11-02 15:51:05 +01:00
executor Revert bogus fixes of HOT-freezing bug 2017-11-02 15:51:05 +01:00
foreign Arrange to cache FdwRoutine structs in foreign tables' relcache entries. 2013-03-06 23:48:09 -05:00
lib Misc comment typo fixes. 2014-12-16 16:39:33 +02:00
libpq Fix misparsing of non-newline-terminated pg_hba.conf files. 2017-10-17 12:15:08 -04:00
main Make fallback implementation of pg_memory_barrier() work in 9.2 and 9.3. 2016-04-16 10:42:07 -04:00
nodes Fix improper repetition of previous results from a hashed aggregate. 2016-08-24 14:37:51 -04:00
optimizer Spelling fixes 2017-03-14 13:45:45 -04:00
parser Dept of second thoughts: keep aliasp_item in sync with tlistitem. 2017-10-27 18:16:25 -04:00
po Translation updates 2017-11-05 17:05:18 -05:00
port Avoid depending on non-POSIX behavior of fcntl(2). 2017-04-21 15:55:56 -04:00
postmaster On Windows, retry process creation if we fail to reserve shared memory. 2017-07-10 11:00:09 -04:00
regex Fix regexport.c to behave sanely with lookaround constraints. 2017-04-13 17:18:35 -04:00
replication Fix coding rules violations in walreceiver.c 2017-10-03 14:58:25 +02:00
rewrite Fix multiple assignments to a column of a domain type. 2017-07-11 16:48:59 -04:00
snowball Fix ancient encoding error in hungarian.stop. 2014-06-10 22:48:39 -04:00
storage Fix race condition in predicate-lock init code in EXEC_BACKEND builds. 2017-07-24 16:45:47 -04:00
tcop Unify SIGHUP handling between normal and walsender backends. 2017-06-05 19:18:16 -07:00
tsearch Reduce memory usage of tsvector type analyze function. 2017-07-12 22:04:08 +03:00
utils Make json{b}_populate_recordset() use the right tuple descriptor. 2017-11-06 10:29:42 -05:00
.gitignore Add gitignore for mingw/cygwin build outputs 2011-06-09 18:11:47 +02:00
common.mk Call check_keywords.pl in maintainer-check 2012-02-27 13:53:12 +02:00
Makefile AIX: Link the postgres executable with -Wl,-brtllib. 2015-07-15 21:00:30 -04:00
nls.mk xlogreader.c: Fix report_invalid_record translatability flag 2015-01-09 12:34:24 -03:00