projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b7e3a52) | patch
Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commitcd7ab57532bb4fbf2e636b1f7d132e6e2d9ac5fc
tree9722b0b38892c6de219423fa25bf7e9bdc946fd4tree
parentb7e3a52a877cffb42ec7208232e30a8e44231e01commit | diff
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/executor/functions.c diff | blob | blame | history
src/backend/rewrite/rewriteHandler.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
src/tools/pgindent/typedefs.list diff | blob | blame | history
This is the main PostgreSQL git repository.