Thread: pgsql: Properly handle Win32 paths of 'E:abc', which can be either abso
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust. Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/0de0cc150af46122238f2fe03605bf14e1a7c276 Modified Files -------------- contrib/adminpack/adminpack.c | 40 ++++++++++++++++++-------------------- src/backend/utils/adt/genfile.c | 39 ++++++++++++++++++------------------- src/include/port.h | 9 +------ src/port/path.c | 33 ++++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 48 deletions(-)
Bruce Momjian <bruce@momjian.us> writes:
> Properly handle Win32 paths of 'E:abc', which can be either absolute or
> relative, by creating a function path_is_relative_and_below_cwd() to
> check for specific requirements. It is unclear if this fixes a security
> problem or not but the new code is more robust.
Surely this test is backwards?
+bool
+path_is_relative_and_below_cwd(const char *path)
+{
+ if (!is_absolute_path(path))
+ return false;
regards, tom lane
Re: pgsql: Properly handle Win32 paths of 'E:abc', which can be either abso
From
Bruce Momjian
Date:
Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Properly handle Win32 paths of 'E:abc', which can be either absolute or
> > relative, by creating a function path_is_relative_and_below_cwd() to
> > check for specific requirements. It is unclear if this fixes a security
> > problem or not but the new code is more robust.
>
> Surely this test is backwards?
>
> +bool
> +path_is_relative_and_below_cwd(const char *path)
> +{
> + if (!is_absolute_path(path))
> + return false;
Yes, sorry, corrected.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +