author | Tom Lane | 2010-09-03 01:34:55 +0000 |
---|---|---|
committer | Tom Lane | 2010-09-03 01:34:55 +0000 |
commit | 303696c3b47e6719e983e93da5896ddc4a2e0dbb | |
tree | 0cf979aeaf94f5f4c45948c3db78755d08dde5a6 /doc/src | |
parent | 8ab6a6b4562efcd9f320353d5438fdbe10dbf9c5 | |
Install a data-type-based solution for protecting pg_get_expr(). REL9_1_ALPHA1
Since the code underlying pg_get_expr() is not secure against malformed
input, and can't practically be made so, we need to prevent miscreants
from feeding arbitrary data to it. We can do this securely by declaring
pg_get_expr() to take a new datatype "pg_node_tree" and declaring the
system catalog columns that hold nodeToString output to be of that type.
There is no way at SQL level to create a non-null value of type pg_node_tree.
Since the backend-internal operations that fill those catalog columns
operate below the SQL level, they are oblivious to the datatype relabeling
and don't need any changes.
Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/catalogs.sgml | 25 |
-rw-r--r-- | doc/src/sgml/func.sgml | 6 |
2 files changed, 16 insertions, 15 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index d287e848669..d53477ca47a 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.227 2010/08/25 18:18:41 petere Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.228 2010/09/03 01:34:54 tgl Exp $ --> <!-- Documentation of the system catalogs, directed toward PostgreSQL developers --> @@ -797,7 +797,7 @@ <row> <entry><structfield>adbin</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry>The internal representation of the column default value</entry> </row> @@ -1917,7 +1917,7 @@ <row> <entry><structfield>conbin</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry>If a check constraint, an internal representation of the expression</entry> </row> @@ -2915,7 +2915,7 @@ <row> <entry><structfield>indexprs</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry> Expression trees (in <function>nodeToString()</function> @@ -2928,7 +2928,7 @@ <row> <entry><structfield>indpred</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry> Expression tree (in <function>nodeToString()</function> @@ -3980,7 +3980,7 @@ <row> <entry><structfield>proargdefaults</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry> Expression trees (in <function>nodeToString()</function> representation) @@ -4129,7 +4129,7 @@ <row> <entry><structfield>ev_qual</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry> Expression tree (in the form of a 
@@ -4140,7 +4140,7 @@ <row> <entry><structfield>ev_action</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry> Query tree (in the form of a @@ -4839,7 +4839,7 @@ <row> <entry><structfield>tgqual</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry>Expression tree (in <function>nodeToString()</function> representation) for the trigger's <literal>WHEN</> condition, or null @@ -5622,10 +5622,11 @@ <row> <entry><structfield>typdefaultbin</structfield></entry> - <entry><type>text</type></entry> + <entry><type>pg_node_tree</type></entry> <entry></entry> <entry><para> - If <structfield>typdefaultbin</> is not null, it is the <function>nodeToString()</function> + If <structfield>typdefaultbin</> is not null, it is the + <function>nodeToString()</function> representation of a default expression for the type. This is only used for domains. </para></entry> @@ -5642,7 +5643,7 @@ default expression represented by <structfield>typdefaultbin</>. If <structfield>typdefaultbin</> is null and <structfield>typdefault</> is not, then <structfield>typdefault</> is the external representation of - the type's default value, which might be fed to the type's input + the type's default value, which can be fed to the type's input converter to produce a constant. </para></entry> </row> diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 01fbd315b90..8d1015b9f8e 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.531 2010/09/01 18:22:29 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.532 2010/09/03 01:34:54 tgl Exp $ --> <chapter id="functions"> <title>Functions and Operators</title> 
@@ -12746,13 +12746,13 @@ SELECT pg_type_is_visible('myschema.widget'::regtype); <entry>get definition of a constraint</entry> </row> <row> - <entry><literal><function>pg_get_expr</function>(<parameter>expr_text</parameter>, <parameter>relation_oid</>)</literal></entry> + <entry><literal><function>pg_get_expr</function>(<parameter>pg_node_tree</parameter>, <parameter>relation_oid</>)</literal></entry> <entry><type>text</type></entry> <entry>decompile internal form of an expression, assuming that any Vars in it refer to the relation indicated by the second parameter</entry> </row> <row> - <entry><literal><function>pg_get_expr</function>(<parameter>expr_text</parameter>, <parameter>relation_oid</>, <parameter>pretty_bool</>)</literal></entry> + <entry><literal><function>pg_get_expr</function>(<parameter>pg_node_tree</parameter>, <parameter>relation_oid</>, <parameter>pretty_bool</>)</literal></entry> <entry><type>text</type></entry> <entry>decompile internal form of an expression, assuming that any Vars in it refer to the relation indicated by the second parameter</entry> |
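Review bot: The catalogs.sgml hunks relabel nine columns (adbin, conbin, indexprs, indpred, proargdefaults, ev_qual, ev_action, tgqual, typdefaultbin) from text to pg_node_tree, but the diffstat for doc/src lists only catalogs.sgml and func.sgml, so the new type name appears in the catalog tables with no definition a reader can follow. Suggest adding a short description of pg_node_tree to the data type documentation, stating that it holds nodeToString() output and that no non-null value can be created at SQL level, and cross-referencing it from these entries.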
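Review bot: In the typdefaultbin hunks at -5622 and -5642, the re-wrapped line and the wording change from "might be fed" to "can be fed" in the typdefault description are unrelated to the pg_node_tree relabeling and are not mentioned in the commit message. Suggest moving them to a separate documentation cleanup commit so that this security-motivated change stays limited to the type relabeling.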
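Review bot: In the two pg_get_expr rows of the func.sgml hunk at -12746, the first parameter is now labeled with the type name pg_node_tree while the description text stays the same, so the table never tells the reader that the argument must be one of the pg_node_tree catalog columns or that an arbitrary text value is no longer accepted. Suggest adding a sentence to the description, or a note under the table, saying that the first argument has to be taken from a system catalog column of type pg_node_tree. Both rows also carry identical descriptions, so the effect of pretty_bool is still undocumented here.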