Quick Links

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?

From:	Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>
To:	Dilip Kumar <dilipbalaut(at)gmail(dot)com>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Amit Langote <amitlangote09(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Date:	2018-11-02 08:04:27
Message-ID:	01981f9d-b875-9ef7-5a86-1371c6c531db@lab.ntt.co.jp
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 2018/11/01 20:34, Dilip Kumar wrote:
> On Mon, Oct 29, 2018 at 2:53 PM Amit Langote wrote:
>> Anyway, why don't we just use the child table's AppendRelInfo to get the
>> parent's version of varattno instead of creating a new function? It can
>> be done as shown in the attached revised version of the portion of the
>> patch changing selfuncs.c. Please take a look.
>
> +1

Okay, here are two patches:

0001 adds a new RelOptInfo member inh_root_parent that's set for
inheritance child otherrels and contains the RT index of the inheritance
parent table mentioned in the query from which they originated.

0002 is your patch that modifies examine_variable, etc. to use the
permissions granted on parent before reading stats on otherrel inheritance
child tables. I've added your name as the author in the 2nd patch.

Thanks,
Amit

Attachment	Content-Type	Size
0001-Store-inheritance-root-parent-index-in-otherrel-s-Re.patch	text/plain	2.5 KB
0002-Use-permissions-granted-on-parent-to-read-stats-on-o.patch	text/plain	2.7 KB

In response to

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? at 2018-11-01 11:34:14 from Dilip Kumar

Responses

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? at 2019-07-10 04:14:37 from Dilip Kumar

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Pavel Stehule	2018-11-02 08:23:35	Re: bugfix: BUG #15477: Procedure call with named inout refcursor parameter - "invalid input syntax for type boolean"
Previous Message	Peter Eisentraut	2018-11-02 08:02:47	Re: bugfix: BUG #15477: Procedure call with named inout refcursor parameter - "invalid input syntax for type boolean"