The predecessor test boiled down to "PQserverVersion(NULL) >= 100000",
which is always false. No release includes that, so it could not have
reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the
predecessor in commit
8d2814f274def85f39fbe997d454b01628cb5667.
Discussion: https://postgr.es/m/
20180422215551.GB2676194@rfd.leadboat.com
* 10, so the search path cannot be changed (by us or attackers) on
* earlier versions.
*/
- if (dbname != NULL && PQserverVersion(conn) >= 100000)
+ if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
{
PGresult *res;