authorTom Lane <tgl@sss.pgh.pa.us>2010-09-03 01:34:55 +0000
committerTom Lane <tgl@sss.pgh.pa.us>2010-09-03 01:34:55 +0000
commit303696c3b47e6719e983e93da5896ddc4a2e0dbb (patch)
tree0cf979aeaf94f5f4c45948c3db78755d08dde5a6 /src/backend/utils
parent8ab6a6b4562efcd9f320353d5438fdbe10dbf9c5 (diff)
Install a data-type-based solution for protecting pg_get_expr().REL9_1_ALPHA1
Since the code underlying pg_get_expr() is not secure against malformed input, and can't practically be made so, we need to prevent miscreants from feeding arbitrary data to it. We can do this securely by declaring pg_get_expr() to take a new datatype "pg_node_tree" and declaring the system catalog columns that hold nodeToString output to be of that type. There is no way at SQL level to create a non-null value of type pg_node_tree. Since the backend-internal operations that fill those catalog columns operate below the SQL level, they are oblivious to the datatype relabeling and don't need any changes.
Diffstat (limited to 'src/backend/utils')
-rw-r--r--src/backend/utils/adt/pseudotypes.c57
1 files changed, 56 insertions, 1 deletions
diff --git a/src/backend/utils/adt/pseudotypes.c b/src/backend/utils/adt/pseudotypes.c
index 6a56129e971..8986e069044 100644
--- a/src/backend/utils/adt/pseudotypes.c
+++ b/src/backend/utils/adt/pseudotypes.c
@@ -16,7 +16,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/pseudotypes.c,v 1.23 2010/01/02 16:57:55 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/pseudotypes.c,v 1.24 2010/09/03 01:34:55 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -398,3 +398,58 @@ shell_out(PG_FUNCTION_ARGS)
PG_RETURN_VOID(); /* keep compiler quiet */
}
+
+
+/*
+ * pg_node_tree_in - input routine for type PG_NODE_TREE.
+ *
+ * pg_node_tree isn't really a pseudotype --- it's real enough to be a table
+ * column --- but it presently has no operations of its own, and disallows
+ * input too, so its I/O functions seem to fit here as much as anywhere.
+ */
+Datum
+pg_node_tree_in(PG_FUNCTION_ARGS)
+{
+ /*
+ * We disallow input of pg_node_tree values because the SQL functions that
+ * operate on the type are not secure against malformed input.
+ */
+ ereport(ERROR,
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot accept a value of type pg_node_tree")));
+
+ PG_RETURN_VOID(); /* keep compiler quiet */
+}
+
+/*
+ * pg_node_tree_out - output routine for type PG_NODE_TREE.
+ *
+ * The internal representation is the same as TEXT, so just pass it off.
+ */
+Datum
+pg_node_tree_out(PG_FUNCTION_ARGS)
+{
+ return textout(fcinfo);
+}
+
+/*
+ * pg_node_tree_recv - binary input routine for type PG_NODE_TREE.
+ */
+Datum
+pg_node_tree_recv(PG_FUNCTION_ARGS)
+{
+ ereport(ERROR,
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot accept a value of type pg_node_tree")));
+
+ PG_RETURN_VOID(); /* keep compiler quiet */
+}
+
+/*
+ * pg_node_tree_send - binary output routine for type PG_NODE_TREE.
+ */
+Datum
+pg_node_tree_send(PG_FUNCTION_ARGS)
+{
+ return textsend(fcinfo);
+}
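Review bot: pg_node_tree_recv rejects binary input without saying why, while pg_node_tree_in carries the rationale, so a later maintainer could take the recv refusal for an unimplemented feature and "complete" it by delegating to the text receive routine, mirroring what pg_node_tree_send does with textsend. I would add a comment inside pg_node_tree_recv such as `/* Binary input is refused for the same reason as text input: the functions that consume pg_node_tree are not safe against malformed data. */`. The same applies to the header comments of pg_node_tree_out and pg_node_tree_send, which could note that output is safe only because values of this type can originate solely from backend-internal catalog writes. That guarantee also presumably depends on the catalog side (no cast into pg_node_tree and no SQL-callable function returning it from caller-supplied data), which is outside this diff since it is limited to src/backend/utils, so it is worth confirming there.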