Revision 23b5a85e60c464ab8bc438a547a4b15260ca9453 authored by Noah Misch on 17 February 2014, 14:33:31 UTC, committed by Noah Misch on 17 February 2014, 14:33:36 UTC
The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061
1 parent 5d320a1
File | Mode | Size |
---|---|---|
config | ||
contrib | ||
doc | ||
src | ||
.gitignore | -rw-r--r-- | 360 bytes |
COPYRIGHT | -rw-r--r-- | 1.2 KB |
GNUmakefile.in | -rw-r--r-- | 3.5 KB |
HISTORY | -rw-r--r-- | 283 bytes |
Makefile | -rw-r--r-- | 1.5 KB |
README | -rw-r--r-- | 1.2 KB |
README.git | -rw-r--r-- | 727 bytes |
aclocal.m4 | -rw-r--r-- | 385 bytes |
configure | -rwxr-xr-x | 850.2 KB |
configure.in | -rw-r--r-- | 62.7 KB |
Computing file changes ...