OSSForks/postgres
1
0
Fork 0
mirror of https://github.com/zebrajr/postgres.git synced 2025-12-07 12:20:31 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1ad47d574e
postgres/contrib/pg_upgrade
History
Noah Misch e8f4922c86 Obstruct shell, SQL, and conninfo injection via database and role names. 
Due to simplistic quoting and confusion of database names with conninfo
strings, roles with the CREATEDB or CREATEROLE option could escalate to
superuser privileges when a superuser next ran certain maintenance
commands.  The new coding rule for PQconnectdbParams() calls, documented
at conninfo_array_parse(), is to pass expand_dbname=true and wrap
literal database names in a trivial connection string.  Escape
zero-length values in appendConnStrVal().  Back-patch to 9.1 (all
supported versions).

Nathan Bossart, Michael Paquier, and Noah Misch.  Reviewed by Peter
Eisentraut.  Reported by Nathan Bossart.

Security: CVE-2016-5424
2016-08-08 10:07:53 -04:00
..
.gitignore Update .gitignore for pg_upgrade 2014-12-17 11:59:45 +01:00
check.c pg_upgrade: only allow template0 to be non-connectable 2015-05-16 00:10:03 -04:00
controldata.c Fix spelling mistake. 2016-01-14 23:16:26 -05:00
dump.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
exec.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
file.c pg_upgrade: fix CopyFile() on Windows to fail on file existence 2015-11-24 17:18:27 -05:00
function.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
IMPLEMENTATION Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
info.c pg_dump, pg_upgrade: allow postgres/template1 tablespace moves 2015-09-11 15:51:10 -04:00
Makefile Fix pg_dump to handle inherited NOT VALID check constraints correctly. 2015-10-01 16:19:49 -04:00
option.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
page.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
pg_upgrade.c Fix typos 2015-05-17 22:22:44 -04:00
pg_upgrade.h Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
relfilenode.c Remove tabs after spaces in C comments 2014-05-06 11:26:27 -04:00
server.c Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
tablespace.c Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
test.sh Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
TESTING Remove whitespace from end of lines 2012-05-15 22:19:41 +03:00
util.c Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
version_old_8_3.c Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
version.c Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00