| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Remove typmod checking from the recent security-related patches. |
| Date: | 2007-02-06 17:35:27 |
| Message-ID: | 20070206173527.219F39FB2B9@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Remove typmod checking from the recent security-related patches. It turns
out that ExecEvalVar and friends don't necessarily have access to a tuple
descriptor with correct typmod: it definitely can contain -1, and possibly
might contain other values that are different from the Var's value.
Arguably this should be cleaned up someday, but it's not a simple change,
and in any case typmod discrepancies don't pose a security hazard.
Per reports from numerous people :-(
I'm not entirely sure whether the failure can occur in 8.0 --- the simple
test cases reported so far don't trigger it there. But back-patch the
change all the way anyway.
Tags:
----
REL8_2_STABLE
Modified Files:
--------------
pgsql/src/backend/executor:
execQual.c (r1.199.2.1 -> r1.199.2.2)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.199.2.1&r2=1.199.2.2)
execUtils.c (r1.140.2.2 -> r1.140.2.3)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.140.2.2&r2=1.140.2.3)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-02-06 17:35:34 | pgsql: Remove typmod checking from the recent security-related patches. |
| Previous Message | Tom Lane | 2007-02-06 17:35:20 | pgsql: Remove typmod checking from the recent security-related patches. |