]> granicus.if.org Git - postgresql/commitdiff
projects / postgresql / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c6aeba3)
Guard against null arguments in binary_upgrade_create_empty_extension().
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 3 Jan 2016 21:26:38 +0000 (16:26 -0500)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 3 Jan 2016 21:26:38 +0000 (16:26 -0500)
The CHECK_IS_BINARY_UPGRADE macro is not sufficient security protection
if we're going to dereference pass-by-reference arguments before it.

But in any case we really need to explicitly check PG_ARGISNULL for all
the arguments of a non-strict function, not only the ones we expect null
values for.

Oversight in commits 30982be4e5019684e1772dd9170aaa53f5a8e894 and
f92fc4c95ddcc25978354a8248d3df22269201bc.  Found by Andreas Seltenreich.
(The other usages in pg_upgrade_support.c seem safe.)

src/backend/utils/adt/pg_upgrade_support.c patch | blob | history

diff --git a/src/backend/utils/adt/pg_upgrade_support.c b/src/backend/utils/adt/pg_upgrade_support.c
index b5c732bfca29947ab4053ef54aa0e629f05d8915..912eadaf369a4a1ac8dd11b8341aa258d472347d 100644 (file)
--- a/src/backend/utils/adt/pg_upgrade_support.c
+++ b/src/backend/utils/adt/pg_upgrade_support.c
@@ -129,16 +129,28 @@ binary_upgrade_set_next_pg_authid_oid(PG_FUNCTION_ARGS)
 Datum
 binary_upgrade_create_empty_extension(PG_FUNCTION_ARGS)
 {
-       text       *extName = PG_GETARG_TEXT_PP(0);
-       text       *schemaName = PG_GETARG_TEXT_PP(1);
-       bool            relocatable = PG_GETARG_BOOL(2);
-       text       *extVersion = PG_GETARG_TEXT_PP(3);
+       text       *extName;
+       text       *schemaName;
+       bool            relocatable;
+       text       *extVersion;
        Datum           extConfig;
        Datum           extCondition;
        List       *requiredExtensions;
 
        CHECK_IS_BINARY_UPGRADE;
 
+       /* We must check these things before dereferencing the arguments */
+       if (PG_ARGISNULL(0) ||
+               PG_ARGISNULL(1) ||
+               PG_ARGISNULL(2) ||
+               PG_ARGISNULL(3))
+               elog(ERROR, "null argument to binary_upgrade_create_empty_extension is not allowed");
+
+       extName = PG_GETARG_TEXT_PP(0);
+       schemaName = PG_GETARG_TEXT_PP(1);
+       relocatable = PG_GETARG_BOOL(2);
+       extVersion = PG_GETARG_TEXT_PP(3);
+
        if (PG_ARGISNULL(4))
                extConfig = PointerGetDatum(NULL);
        else
Unnamed repository; edit this file 'description' to name the repository.