pgsql: Install a data-type-based solution for protecting pg_get_expr().
From: tgl@postgresql.org (Tom Lane)
Date:
Log Message:
-----------
Install a data-type-based solution for protecting pg_get_expr().

Since the code underlying pg_get_expr() is not secure against malformed
input, and can't practically be made so, we need to prevent miscreants
from feeding arbitrary data to it. We can do this securely by declaring
pg_get_expr() to take a new datatype "pg_node_tree" and declaring the
system catalog columns that hold nodeToString output to be of that type.
There is no way at SQL level to create a non-null value of type
pg_node_tree. Since the backend-internal operations that fill those
catalog columns operate below the SQL level, they are oblivious to the
datatype relabeling and don't need any changes.

Modified Files:
--------------
    pgsql/doc/src/sgml:
        catalogs.sgml (r2.227 -> r2.228)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/catalogs.sgml?r1=2.227&r2=2.228)
        func.sgml (r1.531 -> r1.532)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/func.sgml?r1=1.531&r2=1.532)
    pgsql/src/backend/bootstrap:
        bootstrap.c (r1.261 -> r1.262)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/bootstrap/bootstrap.c?r1=1.261&r2=1.262)
    pgsql/src/backend/utils/adt:
        pseudotypes.c (r1.23 -> r1.24)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/pseudotypes.c?r1=1.23&r2=1.24)
    pgsql/src/include/catalog:
        catversion.h (r1.597 -> r1.598)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/catversion.h?r1=1.597&r2=1.598)
        genbki.h (r1.6 -> r1.7)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/genbki.h?r1=1.6&r2=1.7)
        pg_attrdef.h (r1.26 -> r1.27)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_attrdef.h?r1=1.26&r2=1.27)
        pg_cast.h (r1.45 -> r1.46)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_cast.h?r1=1.45&r2=1.46)
        pg_constraint.h (r1.41 -> r1.42)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_constraint.h?r1=1.41&r2=1.42)
        pg_index.h (r1.50 -> r1.51)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_index.h?r1=1.50&r2=1.51)
        pg_proc.h (r1.581 -> r1.582)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_proc.h?r1=1.581&r2=1.582)
        pg_rewrite.h (r1.35 -> r1.36)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_rewrite.h?r1=1.35&r2=1.36)
        pg_trigger.h (r1.39 -> r1.40)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_trigger.h?r1=1.39&r2=1.40)
        pg_type.h (r1.212 -> r1.213)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_type.h?r1=1.212&r2=1.213)
    pgsql/src/include/utils:
        builtins.h (r1.355 -> r1.356)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/builtins.h?r1=1.355&r2=1.356)
    pgsql/src/test/regress/expected:
        opr_sanity.out (r1.91 -> r1.92)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/opr_sanity.out?r1=1.91&r2=1.92)
        type_sanity.out (r1.34 -> r1.35)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/type_sanity.out?r1=1.34&r2=1.35)
    pgsql/src/test/regress/sql:
        opr_sanity.sql (r1.74 -> r1.75)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/opr_sanity.sql?r1=1.74&r2=1.75)
        type_sanity.sql (r1.34 -> r1.35)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/type_sanity.sql?r1=1.34&r2=1.35)
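The following SQL is an added example illustrating the mechanism the log message describes; it is not part of this commit or of PostgreSQL's own code. It assumes a server that carries this change (the pg_node_tree type exists, the nodeToString catalog columns are declared with it, and pg_get_expr() accepts only that type); the table name demo_defaults is a constructed placeholder. It shows the legitimate path (decompiling a stored default from pg_attrdef), the guard (no SQL-level input produces a pg_node_tree value), and two catalog checks a DBA can run to confirm the relabeling is in place.

```sql
-- Added example, not PostgreSQL's own code. Assumes a server with this
-- commit applied; demo_defaults is a constructed table name.

-- 1. Which catalog columns are typed pg_node_tree? These are the only
--    values pg_get_expr() will accept, and all of them are written by the
--    backend below the SQL level (nodeToString output), never by users.
SELECT c.relname, a.attname
FROM   pg_attribute a
JOIN   pg_class     c ON c.oid = a.attrelid
WHERE  a.atttypid = 'pg_node_tree'::regtype
ORDER  BY 1, 2;

-- 2. The intended use: decompile a stored column default. The second
--    argument is the OID of the relation the expression belongs to, so the
--    Vars inside the node tree resolve to the right columns.
CREATE TEMP TABLE demo_defaults (id serial, created timestamptz DEFAULT now());

SELECT a.attname,
       pg_typeof(d.adbin)              AS stored_type,   -- pg_node_tree
       pg_get_expr(d.adbin, d.adrelid) AS default_expr   -- e.g. now()
FROM   pg_attrdef d
JOIN   pg_attribute a ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE  d.adrelid = 'demo_defaults'::regclass;

-- 3. The guard: user-supplied text cannot become a pg_node_tree, because the
--    type's input function rejects every value. Both statements below fail
--    and are left commented out so the script runs to completion; the
--    expected errors are shown as they appear on a server with this change.
-- SELECT 'anything'::pg_node_tree;
--   ERROR:  cannot accept a value of type pg_node_tree
-- SELECT pg_get_expr('anything'::text, 0);
--   ERROR:  function pg_get_expr(text, integer) does not exist

-- 4. Confirm that no text-taking variant of pg_get_expr() remains: every
--    signature listed should name pg_node_tree as its first argument.
SELECT p.oid::regprocedure AS signature
FROM   pg_proc p
WHERE  p.proname = 'pg_get_expr'
ORDER  BY 1;
```

The design point worth noticing is in step 3: the protection does not come from validating the node-tree text (the log message says that is impractical) but from making the type unconstructible at SQL level, so the only values that can ever reach pg_get_expr() are ones the backend itself serialized. Step 4 is the check to run after an upgrade; if a text-argument overload still shows up, the relabeling is not in effect on that server.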