Michael Richards (michael@fastmail.ca) reports a bug with a severity of 3
The lower the number the more severe it is.
Short Description
lo_import does not check type before performing an import
Long Description
lo_import within pgsql does not verify that it is reading from a file. You can import directories if you like and the
importeddata is a mess of ASCII. I didn't try it but I'm sure you could get into lots of trouble if you tried something
likelo_import('/dev/urandom') or some other device that you can read infinite amounts of data from.
Sample Code
urdr=# insert into test values (lo_import('/home/miker/test'));
INSERT 6816303 1
urdr=# select * from test;
t
---------
6816289
(1 row)
> file /home/miker/test
/home/miker/test: directory
No file was uploaded with this report
