Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit71627f3

Browse files
committed
FixCVE-2013-0255 properly.
Revert commitab0f7b6 (in HEAD only)in favor of the proper solution, which is to declare enum_recv() correctlyin the system catalogs. It should be declared to take type "internal"not "cstring".Also improve the type_sanity regression test, which should have caughtthis typo, so that it actually would. Most of the relevant checks onthe signature of type I/O functions should not have been restricted tobasetypes/pseudotypes, as they should apply to any type's I/O functions.
1 parent9728eda commit71627f3

File tree

5 files changed

+22
-19
lines changed

5 files changed

+22
-19
lines changed

‎src/backend/utils/adt/enum.c

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@
1818
#include"access/htup_details.h"
1919
#include"catalog/indexing.h"
2020
#include"catalog/pg_enum.h"
21-
#include"catalog/pg_type.h"
2221
#include"libpq/pqformat.h"
2322
#include"utils/array.h"
2423
#include"utils/builtins.h"
@@ -105,10 +104,6 @@ enum_recv(PG_FUNCTION_ARGS)
105104
char*name;
106105
intnbytes;
107106

108-
/* guard against pre-9.3 misdeclaration of enum_recv */
109-
if (get_fn_expr_argtype(fcinfo->flinfo,0)==CSTRINGOID)
110-
elog(ERROR,"invalid argument for enum_recv");
111-
112107
name=pq_getmsgtext(buf,buf->len-buf->cursor,&nbytes);
113108

114109
/* must check length to prevent Assert failure within SearchSysCache */

‎src/include/catalog/catversion.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,6 @@
5353
*/
5454

5555
/*yyyymmddN */
56-
#defineCATALOG_VERSION_NO201301231
56+
#defineCATALOG_VERSION_NO201302131
5757

5858
#endif

‎src/include/catalog/pg_proc.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4160,7 +4160,7 @@ DATA(insert OID = 3530 ( enum_rangePGNSP PGUID 12 1 0 0 0 f f f f f f s 2 0 22
41604160
DESCR("range between the two given enum values, as an ordered array");
41614161
DATA(insertOID=3531 (enum_rangePGNSPPGUID121000ffffffs102277"3500"_null__null__null__null_enum_range_all_null__null__null_ ));
41624162
DESCR("range of the given enum type, as an ordered array");
4163-
DATA(insertOID=3532 (enum_recvPGNSPPGUID121000fffftfs203500"2275 26"_null__null__null__null_enum_recv_null__null__null_ ));
4163+
DATA(insertOID=3532 (enum_recvPGNSPPGUID121000fffftfs203500"2281 26"_null__null__null__null_enum_recv_null__null__null_ ));
41644164
DESCR("I/O");
41654165
DATA(insertOID=3533 (enum_sendPGNSPPGUID121000fffftfs1017"3500"_null__null__null__null_enum_send_null__null__null_ ));
41664166
DESCR("I/O");

‎src/test/regress/expected/type_sanity.out

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -117,8 +117,10 @@ WHERE (p1.typinput = 0 OR p1.typoutput = 0);
117117
-- Check for bogus typinput routines
118118
SELECT p1.oid, p1.typname, p2.oid, p2.proname
119119
FROM pg_type AS p1, pg_proc AS p2
120-
WHERE p1.typinput = p2.oid ANDp1.typtype in ('b', 'p') ANDNOT
120+
WHERE p1.typinput = p2.oid AND NOT
121121
((p2.pronargs = 1 AND p2.proargtypes[0] = 'cstring'::regtype) OR
122+
(p2.pronargs = 2 AND p2.proargtypes[0] = 'cstring'::regtype AND
123+
p2.proargtypes[1] = 'oid'::regtype) OR
122124
(p2.pronargs = 3 AND p2.proargtypes[0] = 'cstring'::regtype AND
123125
p2.proargtypes[1] = 'oid'::regtype AND
124126
p2.proargtypes[2] = 'int4'::regtype));
@@ -143,7 +145,7 @@ ORDER BY 1;
143145
-- Exception as of 8.1: int2vector and oidvector have their own I/O routines
144146
SELECT p1.oid, p1.typname, p2.oid, p2.proname
145147
FROM pg_type AS p1, pg_proc AS p2
146-
WHERE p1.typinput = p2.oid AND p1.typtype in ('b', 'p') AND
148+
WHERE p1.typinput = p2.oid AND
147149
(p1.typelem != 0 AND p1.typlen < 0) AND NOT
148150
(p2.oid = 'array_in'::regproc)
149151
ORDER BY 1;
@@ -184,7 +186,7 @@ ORDER BY 1;
184186

185187
SELECT p1.oid, p1.typname, p2.oid, p2.proname
186188
FROM pg_type AS p1, pg_proc AS p2
187-
WHERE p1.typoutput = p2.oid ANDp1.typtype in ('b', 'p') ANDNOT
189+
WHERE p1.typoutput = p2.oid AND NOT
188190
(p2.prorettype = 'cstring'::regtype AND NOT p2.proretset);
189191
oid | typname | oid | proname
190192
-----+---------+-----+---------
@@ -213,8 +215,10 @@ WHERE p1.typtype = 'd' AND p1.typoutput IS DISTINCT FROM p2.typoutput;
213215
-- Check for bogus typreceive routines
214216
SELECT p1.oid, p1.typname, p2.oid, p2.proname
215217
FROM pg_type AS p1, pg_proc AS p2
216-
WHERE p1.typreceive = p2.oid ANDp1.typtype in ('b', 'p') ANDNOT
218+
WHERE p1.typreceive = p2.oid AND NOT
217219
((p2.pronargs = 1 AND p2.proargtypes[0] = 'internal'::regtype) OR
220+
(p2.pronargs = 2 AND p2.proargtypes[0] = 'internal'::regtype AND
221+
p2.proargtypes[1] = 'oid'::regtype) OR
218222
(p2.pronargs = 3 AND p2.proargtypes[0] = 'internal'::regtype AND
219223
p2.proargtypes[1] = 'oid'::regtype AND
220224
p2.proargtypes[2] = 'int4'::regtype));
@@ -239,7 +243,7 @@ ORDER BY 1;
239243
-- Exception as of 8.1: int2vector and oidvector have their own I/O routines
240244
SELECT p1.oid, p1.typname, p2.oid, p2.proname
241245
FROM pg_type AS p1, pg_proc AS p2
242-
WHERE p1.typreceive = p2.oid AND p1.typtype in ('b', 'p') AND
246+
WHERE p1.typreceive = p2.oid AND
243247
(p1.typelem != 0 AND p1.typlen < 0) AND NOT
244248
(p2.oid = 'array_recv'::regproc)
245249
ORDER BY 1;
@@ -289,7 +293,7 @@ ORDER BY 1;
289293

290294
SELECT p1.oid, p1.typname, p2.oid, p2.proname
291295
FROM pg_type AS p1, pg_proc AS p2
292-
WHERE p1.typsend = p2.oid ANDp1.typtype in ('b', 'p') ANDNOT
296+
WHERE p1.typsend = p2.oid AND NOT
293297
(p2.prorettype = 'bytea'::regtype AND NOT p2.proretset);
294298
oid | typname | oid | proname
295299
-----+---------+-----+---------

‎src/test/regress/sql/type_sanity.sql

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -96,8 +96,10 @@ WHERE (p1.typinput = 0 OR p1.typoutput = 0);
9696

9797
SELECTp1.oid,p1.typname,p2.oid,p2.proname
9898
FROM pg_typeAS p1, pg_procAS p2
99-
WHEREp1.typinput=p2.oidANDp1.typtypein ('b','p')ANDNOT
99+
WHEREp1.typinput=p2.oidAND NOT
100100
((p2.pronargs=1ANDp2.proargtypes[0]='cstring'::regtype)OR
101+
(p2.pronargs=2ANDp2.proargtypes[0]='cstring'::regtypeAND
102+
p2.proargtypes[1]='oid'::regtype)OR
101103
(p2.pronargs=3ANDp2.proargtypes[0]='cstring'::regtypeAND
102104
p2.proargtypes[1]='oid'::regtypeAND
103105
p2.proargtypes[2]='int4'::regtype));
@@ -115,7 +117,7 @@ ORDER BY 1;
115117
-- Exception as of 8.1: int2vector and oidvector have their own I/O routines
116118
SELECTp1.oid,p1.typname,p2.oid,p2.proname
117119
FROM pg_typeAS p1, pg_procAS p2
118-
WHEREp1.typinput=p2.oidANDp1.typtypein ('b','p')AND
120+
WHEREp1.typinput=p2.oidAND
119121
(p1.typelem!=0ANDp1.typlen<0)AND NOT
120122
(p2.oid='array_in'::regproc)
121123
ORDER BY1;
@@ -141,7 +143,7 @@ ORDER BY 1;
141143

142144
SELECTp1.oid,p1.typname,p2.oid,p2.proname
143145
FROM pg_typeAS p1, pg_procAS p2
144-
WHEREp1.typoutput=p2.oidANDp1.typtypein ('b','p')ANDNOT
146+
WHEREp1.typoutput=p2.oidAND NOT
145147
(p2.prorettype='cstring'::regtypeAND NOTp2.proretset);
146148

147149
-- Composites, enums, ranges should all use the same output routines
@@ -159,8 +161,10 @@ WHERE p1.typtype = 'd' AND p1.typoutput IS DISTINCT FROM p2.typoutput;
159161

160162
SELECTp1.oid,p1.typname,p2.oid,p2.proname
161163
FROM pg_typeAS p1, pg_procAS p2
162-
WHEREp1.typreceive=p2.oidANDp1.typtypein ('b','p')ANDNOT
164+
WHEREp1.typreceive=p2.oidAND NOT
163165
((p2.pronargs=1ANDp2.proargtypes[0]='internal'::regtype)OR
166+
(p2.pronargs=2ANDp2.proargtypes[0]='internal'::regtypeAND
167+
p2.proargtypes[1]='oid'::regtype)OR
164168
(p2.pronargs=3ANDp2.proargtypes[0]='internal'::regtypeAND
165169
p2.proargtypes[1]='oid'::regtypeAND
166170
p2.proargtypes[2]='int4'::regtype));
@@ -178,7 +182,7 @@ ORDER BY 1;
178182
-- Exception as of 8.1: int2vector and oidvector have their own I/O routines
179183
SELECTp1.oid,p1.typname,p2.oid,p2.proname
180184
FROM pg_typeAS p1, pg_procAS p2
181-
WHEREp1.typreceive=p2.oidANDp1.typtypein ('b','p')AND
185+
WHEREp1.typreceive=p2.oidAND
182186
(p1.typelem!=0ANDp1.typlen<0)AND NOT
183187
(p2.oid='array_recv'::regproc)
184188
ORDER BY1;
@@ -210,7 +214,7 @@ ORDER BY 1;
210214

211215
SELECTp1.oid,p1.typname,p2.oid,p2.proname
212216
FROM pg_typeAS p1, pg_procAS p2
213-
WHEREp1.typsend=p2.oidANDp1.typtypein ('b','p')ANDNOT
217+
WHEREp1.typsend=p2.oidAND NOT
214218
(p2.prorettype='bytea'::regtypeAND NOTp2.proretset);
215219

216220
-- Composites, enums, ranges should all use the same send routines

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp