Re: PL/Python error checking
| From | Michael Fuhr |
|---|---|
| Subject | Re: PL/Python error checking |
| Date | |
| Msg-id | 20050712021324.GA79648@winnie.fuhr.org |
| In reply to | Re: PL/Python error checking (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Responses | Re: PL/Python error checking |
| List | pgsql-patches |
On Sun, Jul 10, 2005 at 12:58:24AM -0400, Bruce Momjian wrote:
> Michael Fuhr wrote:
> > The patch is against HEAD but the same changes should be applied
> > to earlier versions because they have the same problem.  The patch
> > might not apply cleanly against earlier versions -- will the committer
> > take care of little differences or should I submit different versions
> > of the patch?
>
> I am unclear about backpatching this.  We have to weigh the risks of
> applying or not applying to 8.0.X.  Comments?

Since 7.4, PL/Python is only available as an untrusted language, so
only a database superuser could create an exploitable function.
However, it might be possible for an ordinary user to tickle the bug
by calling such a function and passing it certain data, either as an
argument or as table data.

The code is buggy in any case: PyObject_Str() is documented to return
NULL on error, and PyString_AsString() doesn't expect a NULL pointer
so it segfaults if passed one.  Since the patch simply checks for
that condition and raises an error instead of calling a function that
will segfault and take down the backend, I can't think of what risk
applying the patch would have.  The greater risk would seem to be in
not applying it.

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/
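The NULL-check pattern the mail describes, as an added example that is not part of the thread, of PostgreSQL, or of CPython. Because the real calls need the Python headers, the code below models the contract with hypothetical stand-ins: model_object_str() plays PyObject_Str() (returns NULL on error and sets an error indicator) and model_string_len() plays PyString_AsString() (dereferences its argument unconditionally). The ModelObject struct, the model_* names and the sample objects are all constructed for the example. convert_unchecked() is the buggy shape from the unpatched code; convert_checked() is the shape the patch introduces: test for NULL and report an error rather than hand the NULL to a function that will crash the process.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example; not PostgreSQL or CPython code.  The model_* names are
 * hypothetical stand-ins for the Python C API contract the mail describes:
 * model_object_str() behaves like PyObject_Str() (NULL on error, with an
 * error indicator set) and model_string_len() behaves like
 * PyString_AsString() in that it dereferences its argument unconditionally.
 */

typedef struct {
    const char *repr;   /* what __str__ would produce; NULL simulates __str__ raising */
} ModelObject;

/* Stand-in for the interpreter's error indicator (PyErr_*). */
static const char *model_last_error = NULL;

/* Like PyObject_Str(): returns a newly allocated C string, or NULL on error. */
static char *model_object_str(const ModelObject *obj)
{
    if (obj->repr == NULL) {
        model_last_error = "__str__ raised an exception";
        return NULL;
    }
    size_t n = strlen(obj->repr) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, obj->repr, n);
    return copy;
}

/* Like PyString_AsString(): no NULL check, reads through the pointer. */
static size_t model_string_len(const char *s)
{
    return strlen(s);   /* strlen(NULL) is the segfault the mail describes */
}

/*
 * The unpatched pattern: the result of the str() call goes straight into a
 * function that dereferences it.  A failing __str__ crashes the caller
 * (in PL/Python, the whole backend).  Kept for comparison; never call it
 * with an object whose repr is NULL.
 */
static size_t convert_unchecked(const ModelObject *obj)
{
    char *so = model_object_str(obj);
    size_t len = model_string_len(so);
    free(so);
    return len;
}

/*
 * The patched pattern: check for NULL and report the error instead of
 * dereferencing.  Returns 0 on success (result copied into out), -1 on
 * error with *err pointing at the error text, mirroring "raise an error
 * instead of calling a function that will segfault".
 */
static int convert_checked(const ModelObject *obj, char *out, size_t outlen,
                           const char **err)
{
    char *so = model_object_str(obj);
    if (so == NULL) {
        *err = model_last_error != NULL ? model_last_error : "unknown error";
        return -1;
    }
    size_t len = model_string_len(so);
    if (len >= outlen)
        len = outlen - 1;
    memcpy(out, so, len);
    out[len] = '\0';
    free(so);
    return 0;
}

int main(void)
{
    ModelObject ok = { "42" };
    ModelObject bad = { NULL };   /* constructed: an object whose __str__ fails */
    char buf[32];
    const char *err = NULL;

    if (convert_checked(&ok, buf, sizeof buf, &err) == 0)
        printf("ok: \"%s\" (unchecked length %zu)\n", buf, convert_unchecked(&ok));
    if (convert_checked(&bad, buf, sizeof buf, &err) != 0)
        printf("error reported instead of crashing: %s\n", err);
    return 0;
}
```

The same shape applies to any C API call documented as "returns NULL and sets an exception": the check belongs immediately after the call, before the pointer reaches anything that reads through it, and the error path should surface the interpreter's error text (in PL/Python, by raising a PostgreSQL error) so the caller sees why the conversion failed rather than a dead backend.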