git.ipfire.org Git - thirdparty/postgresql.git/commit
Fix SQL injection in logical replication origin checks.
author Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:47 +0000 (05:13 -0700)
committer Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:47 +0000 (05:13 -0700)
commit cb35d730689546dd7334437f2954a6670fbb967e
tree 855d52245892b8244f42820db9b636044b4aeadc
parent d93ef413174daae721c6f2cfda3fbd5187f0b4ee
Fix SQL injection in logical replication origin checks.

ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them.  A crafted subscriber
relation name can inject arbitrary SQL on the publisher.  Test such a
name.  Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.

Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 16
Security: CVE-2026-6638
src/backend/commands/subscriptioncmds.c
src/test/subscription/t/030_origin.pl
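
The bug class named in the commit message, as an added example that is not PostgreSQL's code and not taken from this commit: a query built with names pasted in unchanged, next to the same query with each name rendered as a quoted literal first. It assumes the names land inside SQL string literals; the pg_tables lookup and the helpers sql_literal, build_unquoted, build_quoted and literal_count are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: render s as a SQL string literal by doubling each
 * single quote. Assumes standard_conforming_strings = on, so backslash
 * is not an escape character. Caller frees the result. */
char *sql_literal(const char *s)
{
    char *out = malloc(2 * strlen(s) + 3), *p = out;
    if (out == NULL) return NULL;
    *p++ = '\'';
    for (; *s; s++) {
        if (*s == '\'') *p++ = '\'';        /* double the embedded quote */
        *p++ = *s;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Before: names pasted between quotes unchanged (illustrative query). */
int build_unquoted(char *buf, size_t len, const char *nsp, const char *rel)
{
    return snprintf(buf, len, "SELECT 1 FROM pg_tables "
                    "WHERE schemaname = '%s' AND tablename = '%s'", nsp, rel);
}

/* After: each name goes through sql_literal() before interpolation. */
int build_quoted(char *buf, size_t len, const char *nsp, const char *rel)
{
    char *n = sql_literal(nsp), *r = sql_literal(rel);
    int rc = (n && r) ? snprintf(buf, len, "SELECT 1 FROM pg_tables "
                    "WHERE schemaname = %s AND tablename = %s", n, r) : -1;
    free(n);
    free(r);
    return rc;
}

/* Count complete '...' literals in sql; -1 if one is left unterminated. */
int literal_count(const char *sql)
{
    int count = 0, in_lit = 0;
    for (const char *p = sql; *p; p++) {
        if (*p != '\'') continue;
        if (!in_lit) in_lit = 1;
        else if (p[1] == '\'') p++;         /* doubled quote: still inside */
        else { in_lit = 0; count++; }
    }
    return in_lit ? -1 : count;
}
```

For the constructed relation name o'brien, literal_count returns -1 on the build_unquoted output (the statement no longer parses as written) and 2 on the build_quoted output, which is the count the query template intends for any name.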