git.ipfire.org Git - thirdparty/postgresql.git/commit
Fix SQL injection in logical replication origin checks.
author Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:48 +0000 (05:13 -0700)
committer Noah Misch <noah@leadboat.com>
Mon, 11 May 2026 12:13:48 +0000 (05:13 -0700)
commit f0f59b658ef10901c9af3af7705c802a72a0577e
tree c09278453af50e2b7f07a6f3d1ede4e9ade56cce
parent c4e7435b30984dacd0396ce0128bd54c8026fef5

ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them.  A crafted subscriber
relation name can inject arbitrary SQL on the publisher.  Test such a
name.  Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.

Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 16
Security: CVE-2026-6638
src/backend/commands/subscriptioncmds.c
src/test/subscription/t/030_origin.pl
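
An added example (not code from this commit or from PostgreSQL) of the bug class the commit message describes: a relation name pasted between single quotes in SQL text, next to the same name passed through a literal quoter first. It assumes the names are used as string literals in the query; the filter text, `sql_quote_literal`, `build_filter`, `count_literals` and the sample name `it's` are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical quoter: doubles ' and \, adds the E prefix when s has a backslash. */
char *sql_quote_literal(const char *s)
{
    char *out = malloc(2 * strlen(s) + 4), *d = out;   /* E, two quotes, NUL */
    if (!out) abort();
    strcpy(d, strchr(s, '\\') ? "E'" : "'"); d += strlen(d);   /* opening quote */
    for (; *s; *d++ = *s++)
        if (*s == '\'' || *s == '\\') *d++ = *s;       /* emit the char twice */
    *d++ = '\''; *d = '\0';
    return out;
}

/* quote=0 pastes the names between quotes unchanged; quote=1 quotes them first. */
char *build_filter(const char *nsp, const char *rel, int quote)
{
    char *qn = quote ? sql_quote_literal(nsp) : NULL;
    char *qr = quote ? sql_quote_literal(rel) : NULL;
    size_t n = 2 * (strlen(nsp) + strlen(rel)) + 64;
    char *sql = malloc(n);
    if (!sql) abort();
    if (quote) snprintf(sql, n, "(N.nspname = %s AND C.relname = %s)", qn, qr);
    else snprintf(sql, n, "(N.nspname = '%s' AND C.relname = '%s')", nsp, rel);
    free(qn); free(qr);
    return sql;
}

int count_literals(const char *sql)
{
    int n = 0;   /* complete string literals seen; -1 is returned if one never closes */
    for (const char *p = sql; (p = strchr(p, '\'')) != NULL; p++, n++) {
        int esc = p > sql && p[-1] == 'E';   /* E'...' uses backslash escapes */
        for (p++; ; p++) {
            if (*p == '\0') return -1;
            if (esc && *p == '\\' && p[1]) p++;        /* skip the escaped char */
            else if (*p == '\'') { if (p[1] != '\'') break; p++; }
        }
    }
    return n;
}

int main(void)
{
    char *a = build_filter("public", "it's", 0), *b = build_filter("public", "it's", 1);
    printf("%s -> %d\n%s -> %d\n", a, count_literals(a), b, count_literals(b));
    free(a); free(b);
    return 0;
}
```

With the constructed name `it's`, the unquoted filter leaves a literal unterminated (`count_literals` returns -1), while the quoted filter still contains exactly two literals.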