diff options
| author | Noah Misch | 2014-02-17 14:33:31 +0000 |
|---|---|---|
| committer | Noah Misch | 2014-02-17 14:33:31 +0000 |
| commit | 537cbd35c893e67a63c59bc636c3e888bd228bc7 (patch) | |
| tree | 0315dbc61a19a835e3c446122c337655ad8794d4 /src/pl | |
| parent | fea164a72a7bfd50d77ba5fb418d357f8f2bb7d0 (diff) | |
Prevent privilege escalation in explicit calls to PL validators.
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly. Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve. Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.
Andres Freund, reviewed by Tom Lane and Noah Misch.
Security: CVE-2014-0061
Diffstat (limited to 'src/pl')
| -rw-r--r-- | src/pl/plperl/plperl.c | 4 | ||||
| -rw-r--r-- | src/pl/plpgsql/src/pl_handler.c | 3 | ||||
| -rw-r--r-- | src/pl/plpython/plpy_main.c | 4 |
3 files changed, 11 insertions, 0 deletions
diff --git a/src/pl/plperl/plperl.c b/src/pl/plperl/plperl.c index d9aa5efa324..ed6884e863a 100644 --- a/src/pl/plperl/plperl.c +++ b/src/pl/plperl/plperl.c @@ -1883,6 +1883,9 @@ plperl_validator(PG_FUNCTION_ARGS) bool is_event_trigger = false; int i; + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + /* Get the new function's pg_proc entry */ tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid)); if (!HeapTupleIsValid(tuple)) @@ -1964,6 +1967,7 @@ PG_FUNCTION_INFO_V1(plperlu_validator); Datum plperlu_validator(PG_FUNCTION_ARGS) { + /* call plperl validator with our fcinfo so it gets our oid */ return plperl_validator(fcinfo); } diff --git a/src/pl/plpgsql/src/pl_handler.c b/src/pl/plpgsql/src/pl_handler.c index f02203a5fb8..f21393ae41d 100644 --- a/src/pl/plpgsql/src/pl_handler.c +++ b/src/pl/plpgsql/src/pl_handler.c @@ -290,6 +290,9 @@ plpgsql_validator(PG_FUNCTION_ARGS) bool is_event_trigger = false; int i; + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + /* Get the new function's pg_proc entry */ tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid)); if (!HeapTupleIsValid(tuple)) diff --git a/src/pl/plpython/plpy_main.c b/src/pl/plpython/plpy_main.c index 0dad8439565..4438721589e 100644 --- a/src/pl/plpython/plpy_main.c +++ b/src/pl/plpython/plpy_main.c @@ -160,6 +160,9 @@ plpython_validator(PG_FUNCTION_ARGS) Form_pg_proc procStruct; bool is_trigger; + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + if (!check_function_bodies) { PG_RETURN_VOID(); @@ -185,6 +188,7 @@ plpython_validator(PG_FUNCTION_ARGS) Datum plpython2_validator(PG_FUNCTION_ARGS) { + /* call plpython validator with our fcinfo so it gets our oid */ return plpython_validator(fcinfo); } #endif /* PY_MAJOR_VERSION < 3 */ |