Thread: pgsql: Properly handle Win32 paths of 'E:abc', which can be either abso
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust. Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/0de0cc150af46122238f2fe03605bf14e1a7c276 Modified Files -------------- contrib/adminpack/adminpack.c | 40 ++++++++++++++++++-------------------- src/backend/utils/adt/genfile.c | 39 ++++++++++++++++++------------------- src/include/port.h | 9 +------ src/port/path.c | 33 ++++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 48 deletions(-)
Bruce Momjian <bruce@momjian.us> writes: > Properly handle Win32 paths of 'E:abc', which can be either absolute or > relative, by creating a function path_is_relative_and_below_cwd() to > check for specific requirements. It is unclear if this fixes a security > problem or not but the new code is more robust. Surely this test is backwards? +bool +path_is_relative_and_below_cwd(const char *path) +{ + if (!is_absolute_path(path)) + return false; regards, tom lane
Re: pgsql: Properly handle Win32 paths of 'E:abc', which can be either abso
From
Bruce Momjian
Date:
Tom Lane wrote: > Bruce Momjian <bruce@momjian.us> writes: > > Properly handle Win32 paths of 'E:abc', which can be either absolute or > > relative, by creating a function path_is_relative_and_below_cwd() to > > check for specific requirements. It is unclear if this fixes a security > > problem or not but the new code is more robust. > > Surely this test is backwards? > > +bool > +path_is_relative_and_below_cwd(const char *path) > +{ > + if (!is_absolute_path(path)) > + return false; Yes, sorry, corrected. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +