summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5917297)
raw | patch | inline | side by side (parent: 5917297)
| author | Magnus Hagander <magnus@hagander.net> | |
| Sun, 18 Mar 2018 12:08:25 +0000 (13:08 +0100) | ||
| committer | Magnus Hagander <magnus@hagander.net> | |
| Sun, 18 Mar 2018 12:11:40 +0000 (13:11 +0100) |
In e170b8c8, protection against modified search_path was added. However,
PostgreSQL versions prior to 10 does not accept SQL commands over a
replication connection, so the protection would generate a syntax error.
Since we cannot run SQL commands on it, we are also not vulnerable to
the issue that e170b8c8 fixes, so we can just skip this command for
older versions.
Author: Michael Paquier <michael@paquier.xyz>
PostgreSQL versions prior to 10 does not accept SQL commands over a
replication connection, so the protection would generate a syntax error.
Since we cannot run SQL commands on it, we are also not vulnerable to
the issue that e170b8c8 fixes, so we can just skip this command for
older versions.
Author: Michael Paquier <michael@paquier.xyz>
| src/bin/pg_basebackup/streamutil.c | patch | blob | blame | history |
index aa14dbbb75b253cf874e08acd44d9117be07a52e..97484aa573d6036af525bd5b45c10aaeb14d04d4 100644 (file)
if (conn_opts)
PQconninfoFree(conn_opts);
- /* Set always-secure search path, so malicious users can't get control. */
- if (dbname != NULL)
+ /*
+ * Set always-secure search path, so malicious users can't get control.
+ * The capacity to run normal SQL queries was added in PostgreSQL
+ * 10, so the search path cannot be changed (by us or attackers) on
+ * earlier versions.
+ */
+ if (dbname != NULL && PQserverVersion(conn) >= 100000)
{
PGresult *res;