git.ipfire.org Git - thirdparty/postgresql.git/commit
pg_createsubscriber: Obstruct SQL injection via subscription names.
author    Nathan Bossart <nathan@postgresql.org>
          Mon, 11 May 2026 12:13:49 +0000 (05:13 -0700)
committer Noah Misch <noah@leadboat.com>
          Mon, 11 May 2026 12:13:49 +0000 (05:13 -0700)
commit    d7de7fa84d2492f15747163cbb2f4c5c110ec4a4
tree      f079a73f7f025277f81901147149f25d1bd6c3a1
parent    a386d14feb210cd9c6c9b68cd8782e089f4d5b62
drop_existing_subscription() neglected to escape the subscription
name when generating its query string.  To fix, use
PQescapeIdentifier() to construct a properly escaped name, and use
it in the ALTER SUBSCRIPTION and DROP SUBSCRIPTION commands.

Reported-by: Yu Kunpeng <yu443940816@live.com>
Author: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Security: CVE-2026-6476
Backpatch-through: 17
src/bin/pg_basebackup/pg_createsubscriber.c
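The following is an added illustration of the defect the commit message describes and of the fix pattern it names; it is not code from the PostgreSQL commit or from pg_createsubscriber.c. Because libpq's PQescapeIdentifier() needs a live PGconn, the block uses a hypothetical stand-in, quote_identifier(), that applies the same quoting rule (wrap in double quotes, double any embedded double quote) so it runs offline; the function names, the ALTER SUBSCRIPTION ... DISABLE / DROP SUBSCRIPTION query shape, and the hostile subscription name are all constructed here, not taken from the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for libpq's PQescapeIdentifier() (assumption: same quoting rule,
 * but no PGconn needed so the example runs offline).  Real code should call
 * PQescapeIdentifier(conn, name, strlen(name)) and release with PQfreemem(). */
char *quote_identifier(const char *name)
{
    size_t len = strlen(name);
    /* Worst case every byte is a '"' that gets doubled, plus 2 delimiters and NUL. */
    char *out = malloc(2 * len + 3);
    size_t i, j = 0;

    if (out == NULL)
        return NULL;
    out[j++] = '"';
    for (i = 0; i < len; i++)
    {
        if (name[i] == '"')
            out[j++] = '"';  /* "" inside a quoted identifier is a literal quote */
        out[j++] = name[i];
    }
    out[j++] = '"';
    out[j] = '\0';
    return out;
}

/* Pre-fix shape: the subscription name is pasted into the query verbatim,
 * so any SQL metacharacters in it become part of the command text. */
char *drop_subscription_unescaped(const char *subname)
{
    const char *fmt = "ALTER SUBSCRIPTION %s DISABLE; DROP SUBSCRIPTION %s;";
    size_t n = strlen(fmt) + 2 * strlen(subname) + 1;
    char *query = malloc(n);

    if (query == NULL)
        return NULL;
    snprintf(query, n, fmt, subname, subname);
    return query;
}

/* Post-fix shape: escape the name once and use the escaped form in both
 * the ALTER SUBSCRIPTION and the DROP SUBSCRIPTION command. */
char *drop_subscription_escaped(const char *subname)
{
    const char *fmt = "ALTER SUBSCRIPTION %s DISABLE; DROP SUBSCRIPTION %s;";
    char *ident = quote_identifier(subname);
    char *query;
    size_t n;

    if (ident == NULL)
        return NULL;
    n = strlen(fmt) + 2 * strlen(ident) + 1;
    query = malloc(n);
    if (query != NULL)
        snprintf(query, n, fmt, ident, ident);
    free(ident);
    return query;
}

/* Rough statement counter: counts ';' that are not inside a double-quoted
 * identifier.  Enough to show that the escaped query always stays at the two
 * statements the program intended, whatever the name contains. */
int count_statements(const char *query)
{
    int in_ident = 0, count = 0;

    for (; *query; query++)
    {
        if (*query == '"')
            in_ident = !in_ident;
        else if (*query == ';' && !in_ident)
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed hostile name for demonstration; not taken from the advisory. */
    const char *name = "sub1; DROP TABLE important; --";
    char *bad = drop_subscription_unescaped(name);
    char *good = drop_subscription_escaped(name);

    printf("unescaped (%d statements): %s\n", count_statements(bad), bad);
    printf("escaped   (%d statements): %s\n", count_statements(good), good);
    free(bad);
    free(good);
    return 0;
}
```

The statement count is the check a reviewer can apply to any identifier interpolation: after quoting, the name can only ever be one identifier token, so the number of statements the server parses is fixed by the program rather than by whoever chose the subscription name.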