]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d15ec27) | patch
Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart <nathan@postgresql.org>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commit4e51030af9e0a12d7fa06b73acd0c85024f81062
tree5f810bff4f93cd7279eef885b6ff302379e9801btree
parentd15ec27c977100037ae513ab7fe1a214bfc2507bcommit | diff
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/executor/functions.c diff | blob | blame | history
src/backend/rewrite/rewriteHandler.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
src/tools/pgindent/typedefs.list diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git