git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Nathan Bossart <nathan@postgresql.org>
	Mon, 11 May 2026 12:13:51 +0000 (05:13 -0700)
committer	Noah Misch <noah@leadboat.com>
	Mon, 11 May 2026 12:13:51 +0000 (05:13 -0700)
commit	8bca85e9ff14fd4c24acd049cf9ff00c304001e4
tree	f28cf6df8d7df2ddda2e145c0dce7c359b722989	tree \| snapshot
parent	2c8226f52b4258e9e55185dce11d58a40c66663a	commit \| diff

Check CREATE privilege on multirange type schema in CREATE TYPE.

This omission allowed roles to create multirange types in any
schema, potentially leading to privilege escalations. Note that
when a multirange type name is not specified in CREATE TYPE, it is
automatically placed in the range type's schema, which is checked
at the beginning of DefineRange().

Reported-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Author: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Tomas Vondra <tomas@vondra.me>
Security: CVE-2026-6472
Backpatch-through: 14

src/backend/commands/typecmds.c		diff \| blob \| blame \| history
src/test/regress/expected/multirangetypes.out		diff \| blob \| blame \| history
src/test/regress/sql/multirangetypes.sql		diff \| blob \| blame \| history