granicus.if.org Git - postgresql/commit

author	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 Nov 2017 09:16:24 +0000 (09:16 +0000)
committer	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 Nov 2017 09:16:24 +0000 (09:16 +0000)
commit	1f23d1cd21ed46dba882729bedd9c40b71995989
tree	0142fe633272a0d01a2b00444f3f5bc23336f480	tree \| snapshot
parent	971983f42fe6e8b90490a76a649f0c92905d7d47	commit \| diff

Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

src/backend/catalog/pg_constraint.c		diff \| blob \| history
src/backend/parser/parse_clause.c		diff \| blob \| history
src/backend/rewrite/rowsecurity.c		diff \| blob \| history
src/include/catalog/pg_constraint_fn.h		diff \| blob \| history
src/test/regress/expected/privileges.out		diff \| blob \| history
src/test/regress/expected/rowsecurity.out		diff \| blob \| history
src/test/regress/sql/privileges.sql		diff \| blob \| history
src/test/regress/sql/rowsecurity.sql		diff \| blob \| history