From: | pgsql-bugs(at)postgresql(dot)org |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | lo_import does not check type before performing an import |
Date: | 2001-04-21 00:57:00 |
Message-ID: | 200104210057.f3L0v0x57616@hub.org |
Lists: | pgsql-bugs |
Michael Richards (michael(at)fastmail(dot)ca) reports a bug with a severity of 3
The lower the number the more severe it is.
Short Description
lo_import does not check type before performing an import
Long Description
lo_import within pgsql does not verify that it is reading from a file. You can import directories if you like and the imported data is a mess of ASCII. I didn't try it but I'm sure you could get into lots of trouble if you tried something like lo_import('/dev/urandom') or some other device that you can read infinite amounts of data from.
This affects postgres 7.03 and possibly others.
Sample Code
```
urdr=# insert into test values (lo_import('/home/miker/test'));
INSERT 6816303 1
urdr=# select * from test;
t
---------
6816289
(1 row)
> file /home/miker/test
/home/miker/test: directory
```
No file was uploaded with this report
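The check the report says is missing, as an added C example (not PostgreSQL's code and not part of the original report): open the path, then `fstat` the descriptor and refuse anything that is not a regular file. `open_regular_file`, `reject` and `MAX_IMPORT_BYTES` are hypothetical names, and the size cap is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical upper bound on an import; an assumption for this example. */
#define MAX_IMPORT_BYTES ((off_t)64 * 1024 * 1024)
/* Close fd, set errno to err, and return -1. */
static int reject(int fd, int err)
{
    close(fd);
    errno = err;
    return -1;
}

/* Open path for import only if it is a regular file within the size cap.
 * Returns a readable descriptor, or -1 with errno set. */
int open_regular_file(const char *path)
{
    struct stat st;
    /* O_NONBLOCK keeps open() from hanging on a FIFO that has no writer. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor rather than stat() the path, so the object
     * that was checked is the object that will be read. */
    if (fstat(fd, &st) != 0)
        return reject(fd, errno);
    if (S_ISDIR(st.st_mode))
        return reject(fd, EISDIR);
    if (!S_ISREG(st.st_mode))       /* device, FIFO, socket, ... */
        return reject(fd, EINVAL);
    if (st.st_size > MAX_IMPORT_BYTES)
        return reject(fd, EFBIG);
    return fd;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int fd = open_regular_file(argv[i]);
        if (fd < 0)
            perror(argv[i]);
        else
            close(fd);
    }
    return 0;
}
```

The `st_size` cap only bounds regular files; character devices report a size of 0, which is why the type check has to come first.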