Re: Error check always bypassed in tablefunc.c - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Error check always bypassed in tablefunc.c
Date
Msg-id CAB7nPqQYFp4T7LwSBhOfO2SgH5ysATHwqubzJWmvUDb6zbdGNw@mail.gmail.com
Whole thread Raw
In response to Re: Error check always bypassed in tablefunc.c  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: Error check always bypassed in tablefunc.c
List pgsql-hackers
On Sat, Jan 17, 2015 at 11:16 PM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> Patch is attached. Comments welcome.
So, I have been poking at this code a bit more and as the values of
the parameters are passed as-is to the SQL queries that connectby
generates internally (this is as well mentioned in the documentation
here: http://www.postgresql.org/docs/devel/static/tablefunc.html), you
can do quite fancy things by passing for example values of the type
"foo FROM table; --" or similar. Particularly, by enforcing a query
returning only one column, or NULL values I am even able to crash the
server. The interesting part is that even if compatConnectbyTupleDescs
is enabled for each level, it is still possible to crash the server by
passing for example NULL values casted to the same type, like that
'NULL::text, NULL::text; --'.
The attached patch fixes all those things, I have also enabled
compatConnectbyTupleDescs to run at each level. I'll add it to the
next CF as well to not lose track of it. This behavior has been like
that forever...
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Amit Langote
Date:
Subject: Re: Partitioning: issues/ideas (Was: Re: On partitioning)
Next
From: Heikki Linnakangas
Date:
Subject: Re: Client deadlocks when connecting via ssl