git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 Nov 2017 09:17:44 +0000 (09:17 +0000)
committer	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 Nov 2017 09:17:44 +0000 (09:17 +0000)
commit	3f80895723037c0d1c684dbdd50b7e03453df90f
tree	4e539f0b75e192c0612bb398723c40089ed768f0	tree
parent	937f67800a7d3c30870af7b1115a76f44bc26e78	commit \| diff

Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

src/backend/catalog/pg_constraint.c		diff \| blob \| blame \| history
src/backend/parser/parse_clause.c		diff \| blob \| blame \| history
src/backend/rewrite/rowsecurity.c		diff \| blob \| blame \| history
src/include/catalog/pg_constraint_fn.h		diff \| blob \| blame \| history
src/test/regress/expected/privileges.out		diff \| blob \| blame \| history
src/test/regress/expected/rowsecurity.out		diff \| blob \| blame \| history
src/test/regress/sql/privileges.sql		diff \| blob \| blame \| history
src/test/regress/sql/rowsecurity.sql		diff \| blob \| blame \| history