| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix RelationBuildPartitionKey's processing of partition key expr |
| Date: | 2018-02-05 15:37:45 |
| Message-ID: | E1eiiq1-00061J-2c@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix RelationBuildPartitionKey's processing of partition key expressions.
Failure to advance the list pointer while reading partition expressions
from a list results in invoking an input function with inappropriate data,
possibly leading to crashes or, with carefully crafted input, disclosure
of arbitrary backend memory.
Bug discovered independently by Álvaro Herrera and David Rowley.
This patch is by Álvaro but owes something to David's proposed fix.
Back-patch to v10 where the issue was introduced.
Security: CVE-2018-1052
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/fe921a360a4858f537c99d1872d3c3a5a09d6df0
Modified Files
--------------
src/backend/utils/cache/relcache.c | 5 +++++
src/test/regress/expected/create_table.out | 31 ++++++++++++++++++++++--------
src/test/regress/sql/create_table.sql | 11 ++++++++---
3 files changed, 36 insertions(+), 11 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-02-05 15:58:54 | pgsql: Ensure that all temp files made during pg_upgrade are non-world- |
| Previous Message | Tom Lane | 2018-02-05 03:15:29 | Re: pgsql: Fix another instance of unsafe coding for shm_toc_lookup failure |