aboutsummaryrefslogtreecommitdiff
path: root/src/backend/access/gist/gistutil.c
diff options
context:
space:
mode:
authorDean Rasheed <dean.a.rasheed@gmail.com>2017-11-06 09:19:22 +0000
committerDean Rasheed <dean.a.rasheed@gmail.com>2017-11-06 09:19:22 +0000
commit87b2ebd352c4afe1ded0841604b59a3afbae97d1 (patch)
tree8366063dbcd2a7b63a60873797ceb12453bd7417 /src/backend/access/gist/gistutil.c
parentc66b438db62748000700c9b90b585e756dd54141 (diff)
downloadpostgresql-87b2ebd352c4afe1ded0841604b59a3afbae97d1.tar.gz
postgresql-87b2ebd352c4afe1ded0841604b59a3afbae97d1.zip
Always require SELECT permission for ON CONFLICT DO UPDATE.
The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT permission on the columns of the arbiter index, but it failed to check for that in the case of an arbiter specified by constraint name. In addition, for a table with row level security enabled, it failed to check updated rows against the table's SELECT policies when the update path was taken (regardless of how the arbiter index was specified). Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced. Security: CVE-2017-15099
Diffstat (limited to 'src/backend/access/gist/gistutil.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-24 19:48:11 +0000