]> granicus.if.org Git - postgresql/commitdiff
Correct pg_recvlogical server version test.
authorNoah Misch <noah@leadboat.com>
Thu, 26 Apr 2018 01:50:29 +0000 (18:50 -0700)
committerNoah Misch <noah@leadboat.com>
Thu, 26 Apr 2018 01:50:32 +0000 (18:50 -0700)
The predecessor test boiled down to "PQserverVersion(NULL) >= 100000",
which is always false.  No release includes that, so it could not have
reintroduced CVE-2018-1058.  Back-patch to 9.4, like the addition of the
predecessor in commit 8d2814f274def85f39fbe997d454b01628cb5667.

Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com

src/bin/pg_basebackup/streamutil.c

index 42e0cb10821b8b6ba1c9f3dfc3b72d2e7270f050..7b60a070765c55f401ca0df81b6a4b6ee1958741 100644 (file)
@@ -212,7 +212,7 @@ GetConnection(void)
         * 10, so the search path cannot be changed (by us or attackers) on
         * earlier versions.
         */
-       if (dbname != NULL && PQserverVersion(conn) >= 100000)
+       if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
        {
                PGresult   *res;