From 537cbd35c893e67a63c59bc636c3e888bd228bc7 Mon Sep 17 00:00:00 2001
From: Noah Misch
Date: Mon, 17 Feb 2014 09:33:31 -0500
Subject: Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
---
 src/backend/commands/functioncmds.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'src/backend/commands')

diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c
index 350cb76ab8c..4c8119a474d 100644
--- a/src/backend/commands/functioncmds.c
+++ b/src/backend/commands/functioncmds.c
@@ -1017,7 +1017,6 @@ CreateFunction(CreateFunctionStmt *stmt, const char *queryString)
 						   prorows);
 }
 
-
 /*
  * Guts of function deletion.
  *
-- 
cgit v1.2.3