]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79b7847) | patch
Check CREATE privilege on multirange type schema in CREATE TYPE.
authorNathan Bossart <nathan@postgresql.org>
Mon, 11 May 2026 12:13:50 +0000 (05:13 -0700)
committerNoah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:50 +0000 (05:13 -0700)
commitd92852d624f3d2df4b1140349350fa2c1fdc6571
treee7de602d5be3d306f8622d641e2a1760ed8cb832tree | snapshot
parent79b7847c729bcbbe7ae2af1742adc6db86904932commit | diff
Check CREATE privilege on multirange type schema in CREATE TYPE.

This omission allowed roles to create multirange types in any
schema, potentially leading to privilege escalations.  Note that
when a multirange type name is not specified in CREATE TYPE, it is
automatically placed in the range type's schema, which is checked
at the beginning of DefineRange().

Reported-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Author: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Tomas Vondra <tomas@vondra.me>
Security: CVE-2026-6472
Backpatch-through: 14
src/backend/commands/typecmds.c diff | blob | blame | history
src/test/regress/expected/multirangetypes.out diff | blob | blame | history
src/test/regress/sql/multirangetypes.sql diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git