| From: | pgsql-bugs(at)postgresql(dot)org |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | lo_import does not check type before performing an import |
| Date: | 2001-04-21 00:56:29 |
| Message-ID: | 200104210056.f3L0uTu57093@hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Michael Richards (michael(at)fastmail(dot)ca) reports a bug with a severity of 3
The lower the number the more severe it is.
Short Description
lo_import does not check type before performing an import
Long Description
lo_import within pgsql does not verify that it is reading from a file. You can import directories if you like and the imported data is a mess of ASCII. I didn't try it but I'm sure you could get into lots of trouble if you tried something like lo_import('/dev/urandom') or some other device that you can read infinite amounts of data from.
Sample Code
urdr=# insert into test values (lo_import('/home/miker/test'));
INSERT 6816303 1
urdr=# select * from test;
t
---------
6816289
(1 row)
> file /home/miker/test
/home/miker/test: directory
No file was uploaded with this report
| From | Date | Subject | |
|---|---|---|---|
| Next Message | pgsql-bugs | 2001-04-21 00:57:00 | lo_import does not check type before performing an import |
| Previous Message | Peter Eisentraut | 2001-04-20 22:16:43 | Re: pg_ctl restart bug |