From 8d24b8bd7a0fe50b40018f2d26352184467fb68f Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 6 Feb 2007 17:35:27 +0000 Subject: Remove typmod checking from the recent security-related patches. It turns out that ExecEvalVar and friends don't necessarily have access to a tuple descriptor with correct typmod: it definitely can contain -1, and possibly might contain other values that are different from the Var's value. Arguably this should be cleaned up someday, but it's not a simple change, and in any case typmod discrepancies don't pose a security hazard. Per reports from numerous people :-( I'm not entirely sure whether the failure can occur in 8.0 --- the simple test cases reported so far don't trigger it there. But back-patch the change all the way anyway. --- src/backend/executor/execUtils.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'src/backend/executor/execUtils.c') diff --git a/src/backend/executor/execUtils.c b/src/backend/executor/execUtils.c index 909d9b198d0..1ef8300ba79 100644 --- a/src/backend/executor/execUtils.c +++ b/src/backend/executor/execUtils.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.140.2.2 2007/02/02 00:07:28 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.140.2.3 2007/02/06 17:35:27 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -632,10 +632,7 @@ ExecBuildProjectionInfo(List *targetList, break; } attr = inputDesc->attrs[variable->varattno - 1]; - if (attr->attisdropped || - variable->vartype != attr->atttypid || - (variable->vartypmod != attr->atttypmod && - variable->vartypmod != -1)) + if (attr->attisdropped || variable->vartype != attr->atttypid) { isVarList = false; break; -- cgit v1.2.3