pgsql: Fix choice of comparison operators for cross-type hashedsubplan
| От | Tom Lane |
|---|---|
| Тема | pgsql: Fix choice of comparison operators for cross-type hashedsubplan |
| Дата | |
| Msg-id | E1huenB-00079K-Ec@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Fix choice of comparison operators for cross-type hashed subplans. Commit bf6c614a2 rearranged the lookup of the comparison operators needed in a hashed subplan, and in so doing, broke the cross-type case: it caused the original LHS-vs-RHS operator to be used to compare hash table entries too (which of course are all of the RHS type). This leads to C functions being passed a Datum that is not of the type they expect, with the usual hazards of crashes and unauthorized server memory disclosure. For the set of hashable cross-type operators present in v11 core Postgres, this bug is nearly harmless on 64-bit machines, which may explain why it escaped earlier detection. But it is a live security hazard on 32-bit machines; and of course there may be extensions that add more hashable cross-type operators, which would increase the risk. Reported by Andreas Seltenreich. Back-patch to v11 where the problem came in. Security: CVE-2019-10209 Branch ------ REL_12_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/de4b75c1549ac0baf45b4bcb8d49e2fac90ac43a Modified Files -------------- src/backend/executor/nodeSubplan.c | 15 ++++++++++----- src/test/regress/expected/subselect.out | 24 ++++++++++++++++++++++++ src/test/regress/sql/subselect.sql | 10 ++++++++++ 3 files changed, 44 insertions(+), 5 deletions(-)
В списке pgsql-committers по дате отправления: