- Notifications
You must be signed in to change notification settings - Fork54
Fix CVE-2020-14350#18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
1 change: 0 additions & 1 deletion.gitignore
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -8,4 +8,3 @@ regression.out | ||
| *.gcov | ||
| tags | ||
11 changes: 3 additions & 8 deletionsMakefile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
65 changes: 65 additions & 0 deletionsaqo--1.1.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| -- complain if script is sourced in psql, rather than via CREATE EXTENSION | ||
| \echo Use "CREATE EXTENSION aqo" to load this file. \quit | ||
| CREATE TABLE public.aqo_queries ( | ||
| query_hashint CONSTRAINT aqo_queries_query_hash_idx PRIMARY KEY, | ||
| learn_aqoboolean NOT NULL, | ||
| use_aqoboolean NOT NULL, | ||
| fspace_hashint NOT NULL, | ||
| auto_tuningboolean NOT NULL | ||
| ); | ||
| CREATE TABLE public.aqo_query_texts ( | ||
| query_hashint CONSTRAINT aqo_query_texts_query_hash_idx PRIMARY KEY REFERENCES public.aqo_queries ON DELETE CASCADE, | ||
| query_texttext NOT NULL | ||
| ); | ||
| CREATE TABLE public.aqo_query_stat ( | ||
| query_hashint CONSTRAINT aqo_query_stat_idx PRIMARY KEY REFERENCES public.aqo_queries ON DELETE CASCADE, | ||
| execution_time_with_aqodouble precision[], | ||
| execution_time_without_aqodouble precision[], | ||
| planning_time_with_aqodouble precision[], | ||
| planning_time_without_aqodouble precision[], | ||
| cardinality_error_with_aqodouble precision[], | ||
| cardinality_error_without_aqodouble precision[], | ||
| executions_with_aqobigint, | ||
| executions_without_aqobigint | ||
| ); | ||
| CREATE TABLE public.aqo_data ( | ||
| fspace_hashint NOT NULL REFERENCES public.aqo_queries ON DELETE CASCADE, | ||
| fsspace_hashint NOT NULL, | ||
| nfeaturesint NOT NULL, | ||
| featuresdouble precision[][], | ||
| targetsdouble precision[], | ||
| UNIQUE (fspace_hash, fsspace_hash) | ||
| ); | ||
| CREATE UNIQUE INDEX aqo_fss_access_idx ON public.aqo_data (fspace_hash, fsspace_hash); | ||
| ALTER TABLE public.aqo_data ALTER COLUMN features SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_data ALTER COLUMN targets SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN execution_time_with_aqo SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN execution_time_without_aqo SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN planning_time_with_aqo SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN planning_time_without_aqo SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN cardinality_error_without_aqo SET STORAGE MAIN; | ||
| ALTER TABLE public.aqo_query_stat | ||
| ALTER COLUMN cardinality_error_with_aqo SET STORAGE MAIN; | ||
| INSERT INTO public.aqo_queries VALUES (0, false, false, 0, false); | ||
| INSERT INTO public.aqo_query_texts VALUES (0, 'COMMON feature space (do not delete!)'); | ||
| -- a virtual query for COMMON feature space | ||
| CREATE FUNCTION invalidate_deactivated_queries_cache() RETURNS trigger | ||
| AS 'MODULE_PATHNAME' LANGUAGE C; | ||
| CREATE TRIGGER aqo_queries_invalidate AFTER UPDATE OR DELETE OR TRUNCATE | ||
| ON public.aqo_queries FOR EACH STATEMENT | ||
| EXECUTE PROCEDURE invalidate_deactivated_queries_cache(); | ||
76 changes: 76 additions & 0 deletionsexpected/aqo_CVE-2020-14350.out
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| /* | ||
| * Check fix for CVE-2020-14350. | ||
| * See also 7eeb1d986 postgresql commit. | ||
| */ | ||
| SET client_min_messages = 'warning'; | ||
| DROP ROLE IF EXISTS regress_hacker; | ||
| SET client_min_messages = 'notice'; | ||
| CREATE ROLE regress_hacker LOGIN; | ||
| -- Test 1 | ||
| RESET ROLE; | ||
| ALTER ROLE regress_hacker NOSUPERUSER; | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| is_superuser | ||
| -------------- | ||
| off | ||
| (1 row) | ||
| CREATE FUNCTION format(f text, r regclass, t text) | ||
| RETURNS text | ||
| AS $$ | ||
| BEGIN | ||
| ALTER ROLE regress_hacker SUPERUSER; | ||
| RETURN ''; | ||
| END | ||
| $$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT; | ||
| RESET ROLE; | ||
| CREATE EXTENSION aqo; | ||
| -- Test result (must be 'off') | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| is_superuser | ||
| -------------- | ||
| off | ||
| (1 row) | ||
| RESET ROLE; | ||
| DROP FUNCTION format(text, regclass, text); | ||
| DROP EXTENSION IF EXISTS aqo; | ||
| -- Test 2 | ||
| RESET ROLE; | ||
| ALTER ROLE regress_hacker NOSUPERUSER; | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| is_superuser | ||
| -------------- | ||
| off | ||
| (1 row) | ||
| CREATE FUNCTION aqo_migrate_to_1_1_get_pk(rel text) | ||
| RETURNS regclass | ||
| AS $$ | ||
| DECLARE | ||
| ret regclass; | ||
| BEGIN | ||
| ALTER ROLE regress_hacker SUPERUSER; | ||
| SELECT * FROM aqo_migrate_to_1_1_get_pk(rel::regclass) INTO ret; | ||
| RETURN ret; | ||
| END | ||
| $$ LANGUAGE plpgsql; | ||
| RESET ROLE; | ||
| CREATE EXTENSION aqo; | ||
| -- Test result (must be 'off') | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| is_superuser | ||
| -------------- | ||
| off | ||
| (1 row) | ||
| RESET ROLE; | ||
| DROP FUNCTION aqo_migrate_to_1_1_get_pk(text); | ||
| DROP EXTENSION IF EXISTS aqo; | ||
| -- Cleanup | ||
| RESET ROLE; | ||
| DROP ROLE regress_hacker; |
71 changes: 71 additions & 0 deletionssql/aqo_CVE-2020-14350.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| /* | ||
| * Check fix for CVE-2020-14350. | ||
| * See also 7eeb1d986 postgresql commit. | ||
| */ | ||
| SET client_min_messages = 'warning'; | ||
| DROP ROLE IF EXISTS regress_hacker; | ||
| SET client_min_messages = 'notice'; | ||
| CREATE ROLE regress_hacker LOGIN; | ||
| -- Test 1 | ||
| RESET ROLE; | ||
| ALTER ROLE regress_hacker NOSUPERUSER; | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| CREATE FUNCTION format(f text, r regclass, t text) | ||
| RETURNS text | ||
| AS $$ | ||
| BEGIN | ||
| ALTER ROLE regress_hacker SUPERUSER; | ||
| RETURN ''; | ||
| END | ||
| $$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT; | ||
| RESET ROLE; | ||
| CREATE EXTENSION aqo; | ||
| -- Test result (must be 'off') | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| RESET ROLE; | ||
| DROP FUNCTION format(text, regclass, text); | ||
| DROP EXTENSION IF EXISTS aqo; | ||
| -- Test 2 | ||
| RESET ROLE; | ||
| ALTER ROLE regress_hacker NOSUPERUSER; | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| CREATE FUNCTION aqo_migrate_to_1_1_get_pk(rel text) | ||
| RETURNS regclass | ||
| AS $$ | ||
| DECLARE | ||
| ret regclass; | ||
| BEGIN | ||
| ALTER ROLE regress_hacker SUPERUSER; | ||
| SELECT * FROM aqo_migrate_to_1_1_get_pk(rel::regclass) INTO ret; | ||
| RETURN ret; | ||
| END | ||
| $$ LANGUAGE plpgsql; | ||
| RESET ROLE; | ||
| CREATE EXTENSION aqo; | ||
| -- Test result (must be 'off') | ||
| SET ROLE regress_hacker; | ||
| SHOW is_superuser; | ||
| RESET ROLE; | ||
| DROP FUNCTION aqo_migrate_to_1_1_get_pk(text); | ||
| DROP EXTENSION IF EXISTS aqo; | ||
| -- Cleanup | ||
| RESET ROLE; | ||
| DROP ROLE regress_hacker; | ||
43 changes: 0 additions & 43 deletionst/000_security.pl
This file was deleted.
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.