pgsql: Remove typmod checking from the recent security-related patches.

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Remove typmod checking from the recent security-related patches.
Date: 2007-02-06 17:35:34
Message-ID: 20070206173534.3A03C9FA434@postgresql.org
Lists: pgsql-committers
Log Message:
-----------
Remove typmod checking from the recent security-related patches.  It turns
out that ExecEvalVar and friends don't necessarily have access to a tuple
descriptor with correct typmod: it definitely can contain -1, and possibly
might contain other values that are different from the Var's value.
Arguably this should be cleaned up someday, but it's not a simple change,
and in any case typmod discrepancies don't pose a security hazard.
Per reports from numerous people :-(

I'm not entirely sure whether the failure can occur in 8.0 --- the simple
test cases reported so far don't trigger it there.  But back-patch the
change all the way anyway.

Tags:
----
REL8_1_STABLE

Modified Files:
--------------
    pgsql/src/backend/executor:
        execQual.c (r1.183.2.5 -> r1.183.2.6)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.183.2.5&r2=1.183.2.6)
        execUtils.c (r1.126.2.4 -> r1.126.2.5)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.126.2.4&r2=1.126.2.5)
