aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/extension.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/commands/extension.c')
-rw-r--r--src/backend/commands/extension.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 39db7584f33..2ff0d691d86 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -1001,6 +1001,16 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
char *c_sql = read_extension_script_file(control, filename);
Datum t_sql;
+ /*
+ * We filter each substitution through quote_identifier(). When the
+ * arg contains one of the following characters, no one collection of
+ * quoting can work inside $$dollar-quoted string literals$$,
+ * 'single-quoted string literals', and outside of any literal. To
+ * avoid a security snare for extension authors, error on substitution
+ * for arguments containing these.
+ */
+ const char *quoting_relevant_chars = "\"$'\\";
+
/* We use various functions that want to operate on text datums */
t_sql = CStringGetTextDatum(c_sql);
@@ -1030,6 +1040,11 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
t_sql,
CStringGetTextDatum("@extowner@"),
CStringGetTextDatum(qUserName));
+ if (strpbrk(userName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension owner: must not contain any of \"%s\"",
+ quoting_relevant_chars)));
}
/*
@@ -1041,6 +1056,7 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
*/
if (!control->relocatable)
{
+ Datum old = t_sql;
const char *qSchemaName = quote_identifier(schemaName);
t_sql = DirectFunctionCall3Coll(replace_text,
@@ -1048,6 +1064,11 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
t_sql,
CStringGetTextDatum("@extschema@"),
CStringGetTextDatum(qSchemaName));
+ if (t_sql != old && strpbrk(schemaName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension \"%s\" schema: must not contain any of \"%s\"",
+ control->name, quoting_relevant_chars)));
}
/*
@@ -1057,6 +1078,7 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
Assert(list_length(control->requires) == list_length(requiredSchemas));
forboth(lc, control->requires, lc2, requiredSchemas)
{
+ Datum old = t_sql;
char *reqextname = (char *) lfirst(lc);
Oid reqschema = lfirst_oid(lc2);
char *schemaName = get_namespace_name(reqschema);
@@ -1069,6 +1091,11 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
t_sql,
CStringGetTextDatum(repltoken),
CStringGetTextDatum(qSchemaName));
+ if (t_sql != old && strpbrk(schemaName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension \"%s\" schema: must not contain any of \"%s\"",
+ reqextname, quoting_relevant_chars)));
}
/*
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-24 00:43:13 +0000