fixup! Backport fixes for CVE-2023-2454 and CVE-2023-2455

Remove security test for CVE-2023-2454

The test uses CREATE TABLE syntax that is not yet allowed in
PostgreSQL 10, and backporting that syntax would be hard. One
regression test still verifies that CVE-2023-2454 is fixed.
Dominik Rehák 2023-07-19 15:35:08 +01:00
parent a92c0591c8
commit 33b2c2cbf2
1 changed files with 0 additions and 89 deletions


@ -35,95 +35,6 @@ Security: CVE-2023-2454
create mode 100644 contrib/seg/expected/security.out
create mode 100644 contrib/seg/sql/security.sql
diff --git a/contrib/seg/Makefile b/contrib/seg/Makefile
index c6c134b8f1..a1e49bf051 100644
--- a/contrib/seg/Makefile
+++ b/contrib/seg/Makefile
@@ -14,7 +14,7 @@ PGFILEDESC = "seg - line segment data type"
DATA = seg--1.1.sql seg--1.0--1.1.sql seg--unpackaged--1.0.sql
PGFILEDESC = "seg - line segment data type"
-REGRESS = seg
+REGRESS = security seg
EXTRA_CLEAN = y.tab.c y.tab.h
diff --git a/contrib/seg/expected/security.out b/contrib/seg/expected/security.out
new file mode 100644
index 0000000000..b47598d039
--- /dev/null
+++ b/contrib/seg/expected/security.out
@@ -0,0 +1,32 @@
+--
+-- Test extension script protection against search path overriding
+--
+CREATE ROLE regress_seg_role;
+SELECT current_database() AS datname \gset
+GRANT CREATE ON DATABASE :"datname" TO regress_seg_role;
+SET ROLE regress_seg_role;
+CREATE SCHEMA regress_seg_schema;
+CREATE FUNCTION regress_seg_schema.exfun(i int) RETURNS int AS $$
+BEGIN
+ CREATE EXTENSION seg VERSION '1.2';
+
+ CREATE FUNCTION regress_seg_schema.compare(oid, regclass) RETURNS boolean AS
+ 'BEGIN RAISE EXCEPTION ''overloaded compare() called by %'', current_user; END;' LANGUAGE plpgsql;
+
+ CREATE OPERATOR = (LEFTARG = oid, RIGHTARG = regclass, PROCEDURE = regress_seg_schema.compare);
+
+ ALTER EXTENSION seg UPDATE TO '1.3';
+
+ RETURN i;
+END; $$ LANGUAGE plpgsql;
+CREATE SCHEMA test_schema
+CREATE TABLE t(i int) PARTITION BY RANGE (i)
+CREATE TABLE p1 PARTITION OF t FOR VALUES FROM (1) TO (regress_seg_schema.exfun(2));
+DROP SCHEMA test_schema CASCADE;
+NOTICE: drop cascades to 3 other objects
+DETAIL: drop cascades to table test_schema.t
+drop cascades to extension seg
+drop cascades to operator test_schema.=(oid,regclass)
+RESET ROLE;
+DROP OWNED BY regress_seg_role;
+DROP ROLE regress_seg_role;
diff --git a/contrib/seg/sql/security.sql b/contrib/seg/sql/security.sql
new file mode 100644
index 0000000000..7dfbbaa304
--- /dev/null
+++ b/contrib/seg/sql/security.sql
@@ -0,0 +1,32 @@
+--
+-- Test extension script protection against search path overriding
+--
+
+CREATE ROLE regress_seg_role;
+SELECT current_database() AS datname \gset
+GRANT CREATE ON DATABASE :"datname" TO regress_seg_role;
+SET ROLE regress_seg_role;
+CREATE SCHEMA regress_seg_schema;
+
+CREATE FUNCTION regress_seg_schema.exfun(i int) RETURNS int AS $$
+BEGIN
+ CREATE EXTENSION seg VERSION '1.2';
+
+ CREATE FUNCTION regress_seg_schema.compare(oid, regclass) RETURNS boolean AS
+ 'BEGIN RAISE EXCEPTION ''overloaded compare() called by %'', current_user; END;' LANGUAGE plpgsql;
+
+ CREATE OPERATOR = (LEFTARG = oid, RIGHTARG = regclass, PROCEDURE = regress_seg_schema.compare);
+
+ ALTER EXTENSION seg UPDATE TO '1.3';
+
+ RETURN i;
+END; $$ LANGUAGE plpgsql;
+
+CREATE SCHEMA test_schema
+CREATE TABLE t(i int) PARTITION BY RANGE (i)
+CREATE TABLE p1 PARTITION OF t FOR VALUES FROM (1) TO (regress_seg_schema.exfun(2));
+
+DROP SCHEMA test_schema CASCADE;
+RESET ROLE;
+DROP OWNED BY regress_seg_role;
+DROP ROLE regress_seg_role;
diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
index 14e57adee2..73ddb67882 100644
--- a/src/backend/catalog/namespace.c