diff options
Diffstat (limited to 'src/backend/parser/parse_expr.c')
| -rw-r--r-- | src/backend/parser/parse_expr.c | 83 |
1 files changed, 2 insertions, 81 deletions
diff --git a/src/backend/parser/parse_expr.c b/src/backend/parser/parse_expr.c index 36d7bddc439..f91811378f2 100644 --- a/src/backend/parser/parse_expr.c +++ b/src/backend/parser/parse_expr.c @@ -8,15 +8,13 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/parse_expr.c,v 1.198.2.3 2010/06/30 18:11:04 heikki Exp $ + * $PostgreSQL: pgsql/src/backend/parser/parse_expr.c,v 1.198.2.4 2010/07/30 17:57:12 tgl Exp $ * *------------------------------------------------------------------------- */ #include "postgres.h" -#include "catalog/pg_attrdef.h" -#include "catalog/pg_constraint.h" #include "catalog/pg_type.h" #include "commands/dbcommands.h" #include "mb/pg_wchar.h" @@ -35,7 +33,6 @@ #include "parser/parse_target.h" #include "parser/parse_type.h" #include "utils/builtins.h" -#include "utils/fmgroids.h" #include "utils/lsyscache.h" @@ -959,7 +956,6 @@ transformFuncCall(ParseState *pstate, FuncCall *fn) { List *targs; ListCell *args; - Node *result; /* * Transform the list of arguments. We use a shallow list copy and then @@ -975,88 +971,13 @@ transformFuncCall(ParseState *pstate, FuncCall *fn) (Node *) lfirst(args)); } - result = ParseFuncOrColumn(pstate, + return ParseFuncOrColumn(pstate, fn->funcname, targs, fn->agg_star, fn->agg_distinct, false, fn->location); - - /* - * pg_get_expr() is a system function that exposes the expression - * deparsing functionality in ruleutils.c to users. Very handy, but - * it was later realized that the functions in ruleutils.c don't check - * the input rigorously, assuming it to come from system catalogs and - * to therefore be valid. That makes it easy for a user to crash the - * backend by passing a maliciously crafted string representation of - * an expression to pg_get_expr(). - * - * There's a lot of code in ruleutils.c, so it's not feasible to add - * water-proof input checking after the fact. Even if we did it once, - * it would need to be taken into account in any future patches too. - * - * Instead, we restrict pg_rule_expr() to only allow input from system - * catalogs instead. This is a hack, but it's the most robust and easiest - * to backpatch way of plugging the vulnerability. - * - * This is transparent to the typical usage pattern of - * "pg_get_expr(systemcolumn, ...)", but will break - * "pg_get_expr('foo', ...)", even if 'foo' is a valid expression fetched - * earlier from a system catalog. Hopefully there's isn't many clients - * doing that out there. - */ - if (result && IsA(result, FuncExpr) && !superuser()) - { - FuncExpr *fe = (FuncExpr *) result; - if (fe->funcid == F_PG_GET_EXPR || fe->funcid == F_PG_GET_EXPR_EXT) - { - Expr *arg = linitial(fe->args); - bool allowed = false; - - /* - * Check that the argument came directly from one of the - * allowed system catalog columns - */ - if (IsA(arg, Var)) - { - Var *var = (Var *) arg; - RangeTblEntry *rte; - - rte = GetRTEByRangeTablePosn(pstate, - var->varno, var->varlevelsup); - - switch(rte->relid) - { - case IndexRelationId: - if (var->varattno == Anum_pg_index_indexprs || - var->varattno == Anum_pg_index_indpred) - allowed = true; - break; - - case AttrDefaultRelationId: - if (var->varattno == Anum_pg_attrdef_adbin) - allowed = true; - break; - - case ConstraintRelationId: - if (var->varattno == Anum_pg_constraint_conbin) - allowed = true; - break; - - case TypeRelationId: - if (var->varattno == Anum_pg_type_typdefaultbin) - allowed = true; - break; - } - } - if (!allowed) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("argument to pg_get_expr() must come from system catalogs"))); - } - } - return result; } static Node * |