diff options
| author | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:31 -0500 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:36 -0500 |
| commit | 23b5a85e60c464ab8bc438a547a4b15260ca9453 (patch) | |
| tree | a7052c7e2039ec185e9b44fdf9b1596c48396a3c /src/pl/plpython/plpython.c | |
| parent | 5d320a16ca544d6e125e962ed325463ad8bec240 (diff) | |
| download | postgresql-23b5a85e60c464ab8bc438a547a4b15260ca9453.tar.gz postgresql-23b5a85e60c464ab8bc438a547a4b15260ca9453.zip | |
Prevent privilege escalation in explicit calls to PL validators.
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly. Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve. Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.
Andres Freund, reviewed by Tom Lane and Noah Misch.
Security: CVE-2014-0061
Diffstat (limited to 'src/pl/plpython/plpython.c')
| -rw-r--r-- | src/pl/plpython/plpython.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/pl/plpython/plpython.c b/src/pl/plpython/plpython.c index 57801cc252e..7610031af19 100644 --- a/src/pl/plpython/plpython.c +++ b/src/pl/plpython/plpython.c @@ -519,6 +519,9 @@ plpython_validator(PG_FUNCTION_ARGS) Form_pg_proc procStruct; bool is_trigger; + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + if (!check_function_bodies) { PG_RETURN_VOID(); @@ -5012,6 +5015,7 @@ PG_FUNCTION_INFO_V1(plpython2_validator); Datum plpython2_validator(PG_FUNCTION_ARGS) { + /* call plpython validator with our fcinfo so it gets our oid */ return plpython_validator(fcinfo); } |