From: Fujii Masao Date: Thu, 28 May 2026 11:58:08 +0000 (+0900) Subject: postgres_fdw, dblink: Validate use_scram_passthrough values X-Git-Tag: REL_19_BETA1~29 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=8a86aa313a714adc56c74e4b08793e4e6102b5ca;p=thirdparty%2Fpostgresql.git postgres_fdw, dblink: Validate use_scram_passthrough values The use_scram_passthrough option in postgres_fdw and dblink accepts only boolean values. However, unlike other boolean options such as keep_connections, its value was not previously validated. As a result, commands such as "CREATE SERVER ... OPTIONS (use_scram_passthrough 'invalid')" could succeed unexpectedly. This commit updates postgres_fdw and dblink to validate that use_scram_passthrough is assigned a valid boolean value, and throw an error for invalid input. Backpatch to v18, where use_scram_passthrough was introduced. Author: Fujii Masao Reviewed-by: Ayush Tiwari Reviewed-by: Matheus Alcantara Discussion: https://postgr.es/m/CAHGQGwF+-k-Ehsu5W94ZP7GxS3wiBd+mi0PfGTdJ_i2Yr0zR3g@mail.gmail.com Backpatch-through: 18 --- diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index 448d469aba8..3329f9ac0cc 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -1995,6 +1995,9 @@ dblink_fdw_validator(PG_FUNCTION_ARGS) closest_match) : 0 : errhint("There are no valid options in this context."))); } + + if (strcmp(def->defname, "use_scram_passthrough") == 0) + (void) defGetBoolean(def); /* accept only boolean values */ } PG_RETURN_VOID(); diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c index 3944aedbacc..79b16c3f318 100644 --- a/contrib/postgres_fdw/option.c +++ b/contrib/postgres_fdw/option.c @@ -121,7 +121,8 @@ postgres_fdw_validator(PG_FUNCTION_ARGS) strcmp(def->defname, "parallel_commit") == 0 || strcmp(def->defname, "parallel_abort") == 0 || strcmp(def->defname, "keep_connections") == 0 || - strcmp(def->defname, "restore_stats") == 0) + strcmp(def->defname, "restore_stats") == 0 || + strcmp(def->defname, "use_scram_passthrough") == 0) { /* these accept only boolean values */ (void) defGetBoolean(def);