From af5fbb1286cd4319db52835d4847175af9c2ed56 Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Sun, 18 Mar 2018 13:08:25 +0100
Subject: [PATCH] Fix pg_recvlogical for pre-10 versions
In e170b8c8, protection against modified search_path was added. However, PostgreSQL versions prior to 10 does not accept SQL commands over a replication connection, so the protection would generate a syntax error. Since we cannot run SQL commands on it, we are also not vulnerable to the issue that e170b8c8 fixes, so we can just skip this command for older versions.
Author: Michael Paquier
---
 src/bin/pg_basebackup/streamutil.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
index 22bf5f71c8b..da14c0cf585 100644
--- a/src/bin/pg_basebackup/streamutil.c
+++ b/src/bin/pg_basebackup/streamutil.c
@@ -206,8 +206,13 @@ GetConnection(void)
 if (conn_opts)
 PQconninfoFree(conn_opts);
- /* Set always-secure search path, so malicious users can't get control. */
- if (dbname != NULL)
+ /*
+ * Set always-secure search path, so malicious users can't get control.
+ * The capacity to run normal SQL queries was added in PostgreSQL
+ * 10, so the search path cannot be changed (by us or attackers) on
+ * earlier versions.
+ */
+ if (dbname != NULL && PQserverVersion(conn) >= 100000)
 {
 PGresult *res;
-- 
2.39.5
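Review bot: The new gate `if (dbname != NULL && PQserverVersion(conn) >= 100000)` fails open, because PQserverVersion() returns 0 for a bad connection and a zero would silently skip the search_path hardening instead of being reported. Whether a zero can reach this test depends on the connection-status check earlier in GetConnection(), which lies outside this hunk (the function body also continues past it). If that check is guaranteed, the new comment should say so, for example `* conn is already verified as CONNECTION_OK, so PQserverVersion() cannot return 0 here.`; otherwise a zero version is better treated as an error than as "older than 10". The bare `100000` would also read better as a named constant for the first release that accepts SQL on a replication connection.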