git.ipfire.org Git - thirdparty/postgresql.git/commit
Fix SQL injection in logical replication origin checks.
author Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:50 +0000 (05:13 -0700)
committer Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:50 +0000 (05:13 -0700)
commit 248a433cd10759ef968ebed655d19dd1ef129bf6
tree 5d1c5237255c5d3f2fa3dcc16e9a6df84f45b198
parent 00e27235e5ef6596acc94ec60eb17f74810bf817
Fix SQL injection in logical replication origin checks.

ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them.  A crafted subscriber
relation name can inject arbitrary SQL on the publisher.  Test such a
name.  Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.

Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 16
Security: CVE-2026-6638
src/backend/commands/subscriptioncmds.c
src/test/subscription/t/030_origin.pl
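
The class of bug the commit message describes, as an added example that is not PostgreSQL's code and not part of this commit: a name interpolated into a query as-is next to the same name passed through a literal-quoting step. It assumes the names land in string-literal position; `quote_literal_sketch`, `build_predicate`, `literal_count`, the predicate text and the name `a'b` are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper modelled on PostgreSQL's quote_literal(): double ' and \,
 * and use E'' syntax when a backslash is present. Caller frees the result. */
char *quote_literal_sketch(const char *s) {
    char *out = malloc(2 * strlen(s) + 4), *p = out;  /* worst case E'..' + NUL */
    if (!out) return NULL;
    if (strchr(s, '\\')) *p++ = 'E';
    *p++ = '\'';
    for (; *s; s++) {
        if (*s == '\'' || *s == '\\') *p++ = *s;
        *p++ = *s;
    }
    *p++ = '\''; *p = '\0';
    return out;
}

/* quoted == 0: names pasted between quotes as-is ("before", constructed predicate).
 * quoted != 0: each name goes through the quoting helper first ("after"). */
int build_predicate(char *buf, size_t n, const char *nsp, const char *rel, int quoted) {
    if (!quoted) return snprintf(buf, n, "nspname = '%s' AND relname = '%s'", nsp, rel);
    char *qn = quote_literal_sketch(nsp), *qr = quote_literal_sketch(rel);
    int r = (qn && qr) ? snprintf(buf, n, "nspname = %s AND relname = %s", qn, qr) : -1;
    free(qn); free(qr);
    return r;
}

/* Count complete '...' literals ('' is an escaped quote); -1 if one is left open. */
int literal_count(const char *sql) {
    int count = 0;
    for (const char *p = sql; *p; p++) {
        if (*p != '\'') continue;
        for (p++; ; p++) {
            if (*p == '\0') return -1;
            if (*p == '\'' && p[1] == '\'') p++;
            else if (*p == '\'') break;
        }
        count++;
    }
    return count;
}

int main(void) {   /* "a'b" is a constructed relation name */
    char a[128], b[128];
    build_predicate(a, sizeof a, "public", "a'b", 0);
    build_predicate(b, sizeof b, "public", "a'b", 1);
    printf("%d  %s\n%d  %s\n", literal_count(a), a, literal_count(b), b);
}
```

With the quoted form the predicate always lexes as exactly two literals, whatever the name contains; with the unquoted form a single quote in the name changes where the literals end.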