From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Fix tuple printing in error message of tuple routing for partiti |
Date: | 2019-05-06 12:45:36 |
Message-ID: | E1hNczw-0006hr-Ec@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Fix tuple printing in error message of tuple routing for partitions
With correctly crafted DDLs, this could lead to disclosure of arbitrary
backend memory a user may have no right to access. This impacts only
REL_11_STABLE, as the issue has been introduced by 34295b8.
On HEAD, add regression tests to cover this issue in the future.
Author: Michael Paquier
Reviewed-by: Noah Misch
Security: CVE-2019-10129
Branch
------
REL_11_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/52635c276fe352276c157ccea36d7655729d328d
Modified Files
--------------
src/backend/executor/execPartition.c | 8 ++++----
src/test/regress/expected/insert.out | 15 +++++++++++++++
src/test/regress/sql/insert.sql | 7 +++++++
3 files changed, 26 insertions(+), 4 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2019-05-06 13:01:15 | pgsql: Translation updates |
Previous Message | Dean Rasheed | 2019-05-06 11:09:09 | pgsql: Use checkAsUser for selectivity estimator checks, if it's set. |