]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8fe3e69) | patch
Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commit562289460e118fcad44ec916dcdab21e4763c38c
tree3baee85d1ac570a5e3d86ab3b4aed417c78379c5tree
parent8fe3e697a1a83a722b107c7cb9c31084e1f4d077commit | diff
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/executor/functions.c diff | blob | blame | history
src/backend/rewrite/rewriteHandler.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
src/tools/pgindent/typedefs.list diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git