Thread: Tighten pg_get_object_address argument checking
For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the array length of the second argument, but not of the first argument. If the first argument was too long, it would just silently ignore everything but the first argument. Fix that by checking the length of the first argument as well. I wouldn't be surprised if there were more holes like this in this area. I just happened to find these while working on something related.
Attachment
On Tue, Sep 20, 2022 at 11:14 PM Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote: > > For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user > mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the > array length of the second argument, but not of the first argument. > If the first argument was too long, it would just silently ignore > everything but the first argument. Fix that by checking the length of > the first argument as well. > LGTM. -- With Regards, Amit Kapila.
On 21.09.22 12:01, Amit Kapila wrote: > On Tue, Sep 20, 2022 at 11:14 PM Peter Eisentraut > <peter.eisentraut@enterprisedb.com> wrote: >> >> For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user >> mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the >> array length of the second argument, but not of the first argument. >> If the first argument was too long, it would just silently ignore >> everything but the first argument. Fix that by checking the length of >> the first argument as well. > > LGTM. Committed, thanks for checking.