author | Tom Lane <tgl@sss.pgh.pa.us> | 2010-09-03 01:34:55 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2010-09-03 01:34:55 +0000 |
commit | 303696c3b47e6719e983e93da5896ddc4a2e0dbb (patch) | |
tree | 0cf979aeaf94f5f4c45948c3db78755d08dde5a6 /src/backend | |
parent | 8ab6a6b4562efcd9f320353d5438fdbe10dbf9c5 (diff) | |
Install a data-type-based solution for protecting pg_get_expr().REL9_1_ALPHA1
Since the code underlying pg_get_expr() is not secure against malformed
input, and can't practically be made so, we need to prevent miscreants
from feeding arbitrary data to it. We can do this securely by declaring
pg_get_expr() to take a new datatype "pg_node_tree" and declaring the
system catalog columns that hold nodeToString output to be of that type.
There is no way at SQL level to create a non-null value of type pg_node_tree.
Since the backend-internal operations that fill those catalog columns
operate below the SQL level, they are oblivious to the datatype relabeling
and don't need any changes.
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/bootstrap/bootstrap.c | 7 | ||||
-rw-r--r-- | src/backend/utils/adt/pseudotypes.c | 57 |
2 files changed, 61 insertions, 3 deletions
diff --git a/src/backend/bootstrap/bootstrap.c b/src/backend/bootstrap/bootstrap.c
index 080d80e296b..c4744966ca2 100644
--- a/src/backend/bootstrap/bootstrap.c
+++ b/src/backend/bootstrap/bootstrap.c
@@ -8,7 +8,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/bootstrap/bootstrap.c,v 1.261 2010/04/20 01:38:52 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/bootstrap/bootstrap.c,v 1.262 2010/09/03 01:34:55 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -72,7 +72,8 @@ int numattr; /* number of attributes for cur. rel */
 
 /*
 * Basic information associated with each type. This is used before
- * pg_type is created.
+ * pg_type is filled, so it has to cover the datatypes used as column types
+ * in the core "bootstrapped" catalogs.
 *
 * XXX several of these input/output functions do catalog scans
 * (e.g., F_REGPROCIN scans pg_proc). this obviously creates some
@@ -122,6 +123,8 @@ static const struct typinfo TypInfo[] = {
 F_XIDIN, F_XIDOUT},
 {"cid", CIDOID, 0, 4, true, 'i', 'p',
 F_CIDIN, F_CIDOUT},
+ {"pg_node_tree", PGNODETREEOID, 0, -1, false, 'i', 'x',
+ F_PG_NODE_TREE_IN, F_PG_NODE_TREE_OUT},
 {"int2vector", INT2VECTOROID, INT2OID, -1, false, 'i', 'p',
 F_INT2VECTORIN, F_INT2VECTOROUT},
 {"oidvector", OIDVECTOROID, OIDOID, -1, false, 'i', 'p',
diff --git a/src/backend/utils/adt/pseudotypes.c b/src/backend/utils/adt/pseudotypes.c
index 6a56129e971..8986e069044 100644
--- a/src/backend/utils/adt/pseudotypes.c
+++ b/src/backend/utils/adt/pseudotypes.c
@@ -16,7 +16,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/pseudotypes.c,v 1.23 2010/01/02 16:57:55 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/pseudotypes.c,v 1.24 2010/09/03 01:34:55 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
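Review bot: The new `pg_node_tree` row in `TypInfo[]` (bootstrap.c, third hunk) registers `F_PG_NODE_TREE_IN`, which this same commit defines in pseudotypes.c to raise an error unconditionally, and nothing at the entry records that. If bootstrap mode passes column values through the listed input function, as the table layout suggests, then bootstrap data can only ever supply NULL for a pg_node_tree column, and a later non-null entry would fail with a bare "cannot accept a value of type pg_node_tree". A one-line comment above the row would keep that constraint visible: `/* pg_node_tree_in always errors, so bootstrap data may only hold NULL in such columns */`. The array definition starts and ends outside the hunk, so whether other rows carry similar notes cannot be checked from here.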
@@ -398,3 +398,58 @@ shell_out(PG_FUNCTION_ARGS)
 
 PG_RETURN_VOID(); /* keep compiler quiet */
 }
+
+
+/*
+ * pg_node_tree_in - input routine for type PG_NODE_TREE.
+ *
+ * pg_node_tree isn't really a pseudotype --- it's real enough to be a table
+ * column --- but it presently has no operations of its own, and disallows
+ * input too, so its I/O functions seem to fit here as much as anywhere.
+ */
+Datum
+pg_node_tree_in(PG_FUNCTION_ARGS)
+{
+ /*
+ * We disallow input of pg_node_tree values because the SQL functions that
+ * operate on the type are not secure against malformed input.
+ */
+ ereport(ERROR,
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot accept a value of type pg_node_tree")));
+
+ PG_RETURN_VOID(); /* keep compiler quiet */
+}
+
+/*
+ * pg_node_tree_out - output routine for type PG_NODE_TREE.
+ *
+ * The internal representation is the same as TEXT, so just pass it off.
+ */
+Datum
+pg_node_tree_out(PG_FUNCTION_ARGS)
+{
+ return textout(fcinfo);
+}
+
+/*
+ * pg_node_tree_recv - binary input routine for type PG_NODE_TREE.
+ */
+Datum
+pg_node_tree_recv(PG_FUNCTION_ARGS)
+{
+ ereport(ERROR,
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot accept a value of type pg_node_tree")));
+
+ PG_RETURN_VOID(); /* keep compiler quiet */
+}
+
+/*
+ * pg_node_tree_send - binary output routine for type PG_NODE_TREE.
+ */
+Datum
+pg_node_tree_send(PG_FUNCTION_ARGS)
+{
+ return textsend(fcinfo);
+}
|
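Review bot: `pg_node_tree_recv` raises the same error as `pg_node_tree_in` but carries no explanation, although the binary input routine is as much a part of the barrier as the text one. I would repeat the reason inside the function so nobody later "completes" it by delegating to the text receive routine the way `pg_node_tree_send` delegates to `textsend`: `/* Binary input is refused for the same reason as text input: the functions that consume this type are not secure against malformed data. */`. The header comment of `pg_node_tree_in` could also say that the guarantee in the commit message depends on no cast into pg_node_tree being defined, which these functions cannot enforce and which this diff (limited to src/backend) does not show.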