From: Fujii Masao Date: Thu, 28 May 2026 11:58:45 +0000 (+0900) Subject: postgres_fdw, dblink: Validate use_scram_passthrough values X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=e5d019fbdc12281f666a94d3d2cf8ad33ae2006a;p=thirdparty%2Fpostgresql.git postgres_fdw, dblink: Validate use_scram_passthrough values The use_scram_passthrough option in postgres_fdw and dblink accepts only boolean values. However, unlike other boolean options such as keep_connections, its value was not previously validated. As a result, commands such as "CREATE SERVER ... OPTIONS (use_scram_passthrough 'invalid')" could succeed unexpectedly. This commit updates postgres_fdw and dblink to validate that use_scram_passthrough is assigned a valid boolean value, and throw an error for invalid input. Backpatch to v18, where use_scram_passthrough was introduced. Author: Fujii Masao Reviewed-by: Ayush Tiwari Reviewed-by: Matheus Alcantara Discussion: https://postgr.es/m/CAHGQGwF+-k-Ehsu5W94ZP7GxS3wiBd+mi0PfGTdJ_i2Yr0zR3g@mail.gmail.com Backpatch-through: 18 --- diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index 2f803e7ed3c..62706dae004 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -2010,6 +2010,9 @@ dblink_fdw_validator(PG_FUNCTION_ARGS) closest_match) : 0 : errhint("There are no valid options in this context."))); } + + if (strcmp(def->defname, "use_scram_passthrough") == 0) + (void) defGetBoolean(def); /* accept only boolean values */ } PG_RETURN_VOID(); diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c index 6d5795b9fa9..0ab1fd70186 100644 --- a/contrib/postgres_fdw/option.c +++ b/contrib/postgres_fdw/option.c @@ -125,7 +125,8 @@ postgres_fdw_validator(PG_FUNCTION_ARGS) strcmp(def->defname, "async_capable") == 0 || strcmp(def->defname, "parallel_commit") == 0 || strcmp(def->defname, "parallel_abort") == 0 || - strcmp(def->defname, "keep_connections") == 0) + strcmp(def->defname, "keep_connections") == 0 || + strcmp(def->defname, "use_scram_passthrough") == 0) { /* these accept only boolean values */ (void) defGetBoolean(def);