| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Convert newlines to spaces in names written in v11+ pg_dump comm |
| Date: | 2025-08-11 13:22:13 |
| Message-ID: | E1ulSTd-00026o-2u@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Convert newlines to spaces in names written in v11+ pg_dump comments.
Maliciously-crafted object names could achieve SQL injection during
restore. CVE-2012-0868 fixed this class of problem at the time, but
later work reintroduced three cases. Commit
bc8cd50fefd369b217f80078585c486505aafb62 (back-patched to v11+ in
2023-05 releases) introduced the pg_dump case. Commit
6cbdbd9e8d8f2986fde44f2431ed8d0c8fce7f5d (v12+) introduced the two
pg_dumpall cases. Move sanitize_line(), unchanged, to dumputils.c so
pg_dumpall has access to it in all supported versions. Back-patch to
v13 (all supported versions).
Reviewed-by: Robert Haas <robertmhaas(at)gmail(dot)com>
Reviewed-by: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Backpatch-through: 13
Security: CVE-2025-8715
Branch
------
REL_13_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/2179e6005ec9500d5e130f53f7d3ed7c8d4439a9
Modified Files
--------------
src/bin/pg_dump/dumputils.c | 37 ++++++++++++++++++++++++++++
src/bin/pg_dump/dumputils.h | 1 +
src/bin/pg_dump/pg_backup_archiver.c | 37 ----------------------------
src/bin/pg_dump/pg_dump.c | 5 +++-
src/bin/pg_dump/pg_dumpall.c | 11 +++++++--
src/bin/pg_dump/t/002_pg_dump.pl | 21 ++++++++++++++++
src/bin/pg_dump/t/003_pg_dump_with_server.pl | 19 ++++++++++++--
7 files changed, 89 insertions(+), 42 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2025-08-11 14:00:49 | pgsql: Restrict psql meta-commands in plain-text dumps. |
| Previous Message | Peter Eisentraut | 2025-08-11 12:45:42 | pgsql: Translation updates |