]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e530835) | patch
Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commit6db5ea8de8ce15897b706009aaf701d23bd65b23
treead7b006beea236caf7371509d37238bcb463531dtree | snapshot
parente530835c6cc5b2dbf330ebe6b0a7fb9f19f5a54ccommit | diff
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/executor/functions.c diff | blob | blame | history
src/backend/rewrite/rewriteHandler.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
src/tools/pgindent/typedefs.list diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git