aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/copy.c
diff options
context:
space:
mode:
authorStephen Frost <sfrost@snowman.net>2015-01-12 17:04:11 -0500
committerStephen Frost <sfrost@snowman.net>2015-01-28 12:33:15 -0500
commit9406884af19e2620a14059e64d4eb6ab430ab328 (patch)
tree6da36eedd18ec124129de563af9f86f1e174a79c /src/backend/commands/copy.c
parent8eb1e9d962b9c960af7b74348b909680d4610dfe (diff)
downloadpostgresql-9406884af19e2620a14059e64d4eb6ab430ab328.tar.gz
postgresql-9406884af19e2620a14059e64d4eb6ab430ab328.zip
Fix column-privilege leak in error-message paths
While building error messages to return to the user, BuildIndexValueDescription and ri_ReportViolation would happily include the entire key or entire row in the result returned to the user, even if the user didn't have access to view all of the columns being included. Instead, include only those columns which the user is providing or which the user has select rights on. If the user does not have any rights to view the table or any of the columns involved then no detail is provided and a NULL value is returned from BuildIndexValueDescription. Note that, for key cases, the user must have access to all of the columns for the key to be shown; a partial key will not be returned. Back-patch all the way, as column-level privileges are now in all supported versions. This has been assigned CVE-2014-8161, but since the issue and the patch have already been publicized on pgsql-hackers, there's no point in trying to hide this commit.
Diffstat (limited to 'src/backend/commands/copy.c')
-rw-r--r--src/backend/commands/copy.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c
index e91cc7e02c5..c7537687640 100644
--- a/src/backend/commands/copy.c
+++ b/src/backend/commands/copy.c
@@ -148,6 +148,7 @@ typedef struct CopyStateData
Oid *typioparams; /* array of element types for in_functions */
int *defmap; /* array of default att numbers */
ExprState **defexprs; /* array of default att expressions */
+ List *range_table;
/*
* These variables are used to reduce overhead in textual COPY FROM.
@@ -737,6 +738,7 @@ DoCopy(const CopyStmt *stmt, const char *queryString)
bool pipe = (stmt->filename == NULL);
Relation rel;
uint64 processed;
+ RangeTblEntry *rte;
/* Disallow file COPY except to superusers. */
if (!pipe && !superuser())
@@ -750,7 +752,6 @@ DoCopy(const CopyStmt *stmt, const char *queryString)
{
TupleDesc tupDesc;
AclMode required_access = (is_from ? ACL_INSERT : ACL_SELECT);
- RangeTblEntry *rte;
List *attnums;
ListCell *cur;
@@ -795,6 +796,7 @@ DoCopy(const CopyStmt *stmt, const char *queryString)
cstate = BeginCopyFrom(rel, stmt->filename,
stmt->attlist, stmt->options);
+ cstate->range_table = list_make1(rte);
processed = CopyFrom(cstate); /* copy from file to database */
EndCopyFrom(cstate);
}
@@ -802,6 +804,7 @@ DoCopy(const CopyStmt *stmt, const char *queryString)
{
cstate = BeginCopyTo(rel, stmt->query, queryString, stmt->filename,
stmt->attlist, stmt->options);
+ cstate->range_table = list_make1(rte);
processed = DoCopyTo(cstate); /* copy from database to file */
EndCopyTo(cstate);
}
@@ -1933,6 +1936,7 @@ CopyFrom(CopyState cstate)
estate->es_result_relations = resultRelInfo;
estate->es_num_result_relations = 1;
estate->es_result_relation_info = resultRelInfo;
+ estate->es_range_table = cstate->range_table;
/* Set up a tuple slot too */
myslot = ExecInitExtraTupleSlot(estate);