NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit919c9f6

committed

The original patch to disallow non-passworded connections to non-superusers

failed to cover all the ways in which a connection can be initiated in dblink.Plug the remaining holes. Also, disallow transient connections in functionsfor which that feature makes no sense (because they are only sensible aspart of a sequence of operations on the same connection). Joe ConwaySecurity:CVE-2007-6601

1 parenteedb068 commit919c9f6Copy full SHA for 919c9f6

File tree

3 files changed

+86

-38

lines changed

contrib/dblink
- dblink.c
- expected
  - dblink.out
- sql
  - dblink.sql

3 files changed

+86

-38

lines changed

`‎contrib/dblink/dblink.c`

Lines changed: 40 additions & 38 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`* Darko Prenosil <Darko.Prenosil@finteh.hr>`
`9`	`9`	`* Shridhar Daithankar <shridhar_daithankar@persistent.co.in>`
`10`	`10`	`*`
`11`		`- * $PostgreSQL: pgsql/contrib/dblink/dblink.c,v 1.67 2008/01/01 19:45:45 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/contrib/dblink/dblink.c,v 1.68 2008/01/03 21:27:59 tgl Exp $`
`12`	`12`	`* Copyright (c) 2001-2008, PostgreSQL Global Development Group`
`13`	`13`	`* ALL RIGHTS RESERVED;`
`14`	`14`	`*`
`@@ -91,6 +91,7 @@ static int16 get_attnum_pk_pos(int2vector *pkattnums, int16 pknumatts, int16 key`
`91`	`91`	`staticHeapTupleget_tuple_of_interest(Oidrelid,int2vectorpkattnums,int16pknumatts,char*src_pkattvals);`
`92`	`92`	`staticOidget_relid_from_relname(text*relname_text);`
`93`	`93`	`staticchar*generate_relation_name(Oidrelid);`
	`94`	`+staticvoiddblink_security_check(PGconnconn,remoteConnrconn);`
`94`	`95`
`95`	`96`	`/* Global */`
`96`	`97`	`staticremoteConn*pconn=NULL;`
`@@ -187,10 +188,21 @@ typedef struct remoteConnHashEnt`
`187`	`188`	`errmsg("could not establish connection"), \`
`188`	`189`	`errdetail("%s", msg))); \`
`189`	`190`	`} \`
	`191`	`+dblink_security_check(conn, rconn); \`
`190`	`192`	`freeconn = true; \`
`191`	`193`	`} \`
`192`	`194`	`} while (0)`
`193`	`195`
	`196`	`+#defineDBLINK_GET_NAMED_CONN \`
	`197`	`+do { \`
	`198`	`+char *conname = GET_STR(PG_GETARG_TEXT_P(0)); \`
	`199`	`+rconn = getConnectionByName(conname); \`
	`200`	`+if(rconn) \`
	`201`	`+conn = rconn->conn; \`
	`202`	`+else \`
	`203`	`+DBLINK_CONN_NOT_AVAIL; \`
	`204`	`+} while (0)`
	`205`	`+`
`194`	`206`	`#defineDBLINK_INIT \`
`195`	`207`	`do { \`
`196`	`208`	`if (!pconn) \`
`@@ -247,21 +259,8 @@ dblink_connect(PG_FUNCTION_ARGS)`
`247`	`259`	`errdetail("%s",msg)));`
`248`	`260`	`}`
`249`	`261`
`250`		`-if (!superuser())`
`251`		`-{`
`252`		`-if (!PQconnectionUsedPassword(conn))`
`253`		`-{`
`254`		`-PQfinish(conn);`
`255`		`-if (rconn)`
`256`		`-pfree(rconn);`
`257`		`-`
`258`		`-ereport(ERROR,`
`259`		`- (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),`
`260`		`-errmsg("password is required"),`
`261`		`-errdetail("Non-superuser cannot connect if the server does not request a password."),`
`262`		`-errhint("Target server's authentication method must be changed.")));`
`263`		`-}`
`264`		`-}`
	`262`	`+/* check password used if not superuser */`
	`263`	`+dblink_security_check(conn,rconn);`
`265`	`264`
`266`	`265`	`if (connname)`
`267`	`266`	`{`
`@@ -1047,17 +1046,11 @@ PG_FUNCTION_INFO_V1(dblink_is_busy);`
`1047`	`1046`	`Datum`
`1048`	`1047`	`dblink_is_busy(PG_FUNCTION_ARGS)`
`1049`	`1048`	`{`
`1050`		`-char*msg;`
`1051`	`1049`	`PGconn*conn=NULL;`
`1052`		`-char*conname=NULL;`
`1053`		`-char*connstr=NULL;`
`1054`	`1050`	`remoteConn*rconn=NULL;`
`1055`		`-boolfreeconn= false;`
`1056`	`1051`
`1057`	`1052`	`DBLINK_INIT;`
`1058`		`-DBLINK_GET_CONN;`
`1059`		`-if (!conn)`
`1060`		`-DBLINK_CONN_NOT_AVAIL;`
	`1053`	`+DBLINK_GET_NAMED_CONN;`
`1061`	`1054`
`1062`	`1055`	`PQconsumeInput(conn);`
`1063`	`1056`	`PG_RETURN_INT32(PQisBusy(conn));`
`@@ -1078,26 +1071,20 @@ PG_FUNCTION_INFO_V1(dblink_cancel_query);`
`1078`	`1071`	`Datum`
`1079`	`1072`	`dblink_cancel_query(PG_FUNCTION_ARGS)`
`1080`	`1073`	`{`
`1081`		`-char*msg;`
`1082`	`1074`	`intres=0;`
`1083`	`1075`	`PGconn*conn=NULL;`
`1084`		`-char*conname=NULL;`
`1085`		`-char*connstr=NULL;`
`1086`	`1076`	`remoteConn*rconn=NULL;`
`1087`		`-boolfreeconn= false;`
`1088`	`1077`	`PGcancel*cancel;`
`1089`	`1078`	`charerrbuf[256];`
`1090`	`1079`
`1091`	`1080`	`DBLINK_INIT;`
`1092`		`-DBLINK_GET_CONN;`
`1093`		`-if (!conn)`
`1094`		`-DBLINK_CONN_NOT_AVAIL;`
	`1081`	`+DBLINK_GET_NAMED_CONN;`
`1095`	`1082`	`cancel=PQgetCancel(conn);`
`1096`	`1083`
`1097`	`1084`	`res=PQcancel(cancel,errbuf,256);`
`1098`	`1085`	`PQfreeCancel(cancel);`
`1099`	`1086`
`1100`		`-if (res==0)`
	`1087`	`+if (res==1)`
`1101`	`1088`	`PG_RETURN_TEXT_P(GET_TEXT("OK"));`
`1102`	`1089`	`else`
`1103`	`1090`	`PG_RETURN_TEXT_P(GET_TEXT(errbuf));`
`@@ -1120,18 +1107,13 @@ dblink_error_message(PG_FUNCTION_ARGS)`
`1120`	`1107`	`{`
`1121`	`1108`	`char*msg;`
`1122`	`1109`	`PGconn*conn=NULL;`
`1123`		`-char*conname=NULL;`
`1124`		`-char*connstr=NULL;`
`1125`	`1110`	`remoteConn*rconn=NULL;`
`1126`		`-boolfreeconn= false;`
`1127`	`1111`
`1128`	`1112`	`DBLINK_INIT;`
`1129`		`-DBLINK_GET_CONN;`
`1130`		`-if (!conn)`
`1131`		`-DBLINK_CONN_NOT_AVAIL;`
	`1113`	`+DBLINK_GET_NAMED_CONN;`
`1132`	`1114`
`1133`	`1115`	`msg=PQerrorMessage(conn);`
`1134`		`-if (!msg)`
	`1116`	`+if (msg==NULL\|\|msg[0]=='\0')`
`1135`	`1117`	`PG_RETURN_TEXT_P(GET_TEXT("OK"));`
`1136`	`1118`	`else`
`1137`	`1119`	`PG_RETURN_TEXT_P(GET_TEXT(msg));`
`@@ -2299,3 +2281,23 @@ deleteConnection(const char *name)`
`2299`	`2281`	`errmsg("undefined connection name")));`
`2300`	`2282`
`2301`	`2283`	`}`
	`2284`	`+`
	`2285`	`+staticvoid`
	`2286`	`+dblink_security_check(PGconnconn,remoteConnrconn)`
	`2287`	`+{`
	`2288`	`+if (!superuser())`
	`2289`	`+{`
	`2290`	`+if (!PQconnectionUsedPassword(conn))`
	`2291`	`+{`
	`2292`	`+PQfinish(conn);`
	`2293`	`+if (rconn)`
	`2294`	`+pfree(rconn);`
	`2295`	`+`
	`2296`	`+ereport(ERROR,`
	`2297`	`+ (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),`
	`2298`	`+errmsg("password is required"),`
	`2299`	`+errdetail("Non-superuser cannot connect if the server does not request a password."),`
	`2300`	`+errhint("Target server's authentication method must be changed.")));`
	`2301`	`+}`
	`2302`	`+}`
	`2303`	`+}`

`‎contrib/dblink/expected/dblink.out`

Lines changed: 37 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -724,6 +724,12 @@ SELECT dblink_get_connections();`
`724`	`724`	`{dtest1,dtest2,dtest3}`
`725`	`725`	`(1 row)`
`726`	`726`
	`727`	`+SELECT dblink_is_busy('dtest1');`
	`728`	`+ dblink_is_busy`
	`729`	`+----------------`
	`730`	`+ 0`
	`731`	`+(1 row)`
	`732`	`+`
`727`	`733`	`SELECT dblink_disconnect('dtest1');`
`728`	`734`	`dblink_disconnect`
`729`	`735`	`-------------------`
`@@ -758,3 +764,34 @@ SELECT * from result;`
`758`	`764`	`10 \| k \| {a10,b10,c10}`
`759`	`765`	`(11 rows)`
`760`	`766`
	`767`	`+SELECT dblink_connect('dtest1', 'dbname=contrib_regression');`
	`768`	`+ dblink_connect`
	`769`	`+----------------`
	`770`	`+ OK`
	`771`	`+(1 row)`
	`772`	`+`
	`773`	`+SELECT * from`
	`774`	`+ dblink_send_query('dtest1', 'select * from foo where f1 < 3') as t1;`
	`775`	`+ t1`
	`776`	`+----`
	`777`	`+ 1`
	`778`	`+(1 row)`
	`779`	`+`
	`780`	`+SELECT dblink_cancel_query('dtest1');`
	`781`	`+ dblink_cancel_query`
	`782`	`+---------------------`
	`783`	`+ OK`
	`784`	`+(1 row)`
	`785`	`+`
	`786`	`+SELECT dblink_error_message('dtest1');`
	`787`	`+ dblink_error_message`
	`788`	`+----------------------`
	`789`	`+ OK`
	`790`	`+(1 row)`
	`791`	`+`
	`792`	`+SELECT dblink_disconnect('dtest1');`
	`793`	`+ dblink_disconnect`
	`794`	`+-------------------`
	`795`	`+ OK`
	`796`	`+(1 row)`
	`797`	`+`

`‎contrib/dblink/sql/dblink.sql`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -344,9 +344,18 @@ UNION`
`344`	`344`	`ORDER by f1;`
`345`	`345`
`346`	`346`	`SELECT dblink_get_connections();`
	`347`	`+SELECT dblink_is_busy('dtest1');`
`347`	`348`
`348`	`349`	`SELECT dblink_disconnect('dtest1');`
`349`	`350`	`SELECT dblink_disconnect('dtest2');`
`350`	`351`	`SELECT dblink_disconnect('dtest3');`
	`352`	`+`
`351`	`353`	`SELECT*from result;`
`352`	`354`
	`355`	`+SELECT dblink_connect('dtest1','dbname=contrib_regression');`
	`356`	`+SELECT*from`
	`357`	`+ dblink_send_query('dtest1','select * from foo where f1 < 3')as t1;`
	`358`	`+`
	`359`	`+SELECT dblink_cancel_query('dtest1');`
	`360`	`+SELECT dblink_error_message('dtest1');`
	`361`	`+SELECT dblink_disconnect('dtest1');`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit919c9f6

File tree

3 files changed

3 files changed

`‎contrib/dblink/dblink.c`

`‎contrib/dblink/expected/dblink.out`

`‎contrib/dblink/sql/dblink.sql`

0 commit comments