projects / users / rhaas / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c66b438) | patch
Always require SELECT permission for ON CONFLICT DO UPDATE.
authorDean Rasheed <dean.a.rasheed@gmail.com>
Mon, 6 Nov 2017 09:19:22 +0000 (09:19 +0000)
committerDean Rasheed <dean.a.rasheed@gmail.com>
Mon, 6 Nov 2017 09:19:22 +0000 (09:19 +0000)
commit87b2ebd352c4afe1ded0841604b59a3afbae97d1
tree8366063dbcd2a7b63a60873797ceb12453bd7417tree
parentc66b438db62748000700c9b90b585e756dd54141commit | diff
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099
src/backend/catalog/pg_constraint.c diff | blob | blame | history
src/backend/parser/parse_clause.c diff | blob | blame | history
src/backend/rewrite/rowsecurity.c diff | blob | blame | history
src/include/catalog/pg_constraint_fn.h diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
Robert Haas's development tree.