Add fix on security bug CVE-2020-14350.

danolivo · danolivo · commit 3a654bf3e905 · 2020-11-03T11:55:27.000+05:00
Add A.Lakhin's security TAP-test.
diff --git a/Makefile b/Makefile
@@ -20,6 +20,8 @@ EXTRA_REGRESS_OPTS=--temp-config=$(top_srcdir)/$(subdir)/conf.add
 DATA = aqo--1.0.sql aqo--1.0--1.1.sql
 DATA_built = aqo--1.1.sql
 
+TAP_TESTS = 1
+
 MODULE_big = aqo
 ifdef USE_PGXS
 PG_CONFIG = pg_config
diff --git a/aqo--1.0--1.1.sql b/aqo--1.0--1.1.sql
@@ -6,7 +6,8 @@ DROP INDEX public.aqo_query_texts_query_hash_idx CASCADE;
 DROP INDEX public.aqo_query_stat_idx CASCADE;
 DROP INDEX public.aqo_fss_access_idx CASCADE;
 
-CREATE UNIQUE INDEX aqo_fss_access_idx ON public.aqo_data (fspace_hash, fsspace_hash);
+CREATE UNIQUE INDEX aqo_fss_access_idx
+	ON public.aqo_data (fspace_hash, fsspace_hash);
 
 
 CREATE OR REPLACE FUNCTION aqo_migrate_to_1_1_get_pk(rel regclass) RETURNS regclass AS $$
@@ -16,8 +17,7 @@ BEGIN
 	SELECT i.indexrelid FROM pg_catalog.pg_index i JOIN
 	pg_catalog.pg_attribute a ON a.attrelid = i.indrelid AND
 								 a.attnum = ANY(i.indkey)
-	WHERE i.indrelid = rel AND
-		  i.indisprimary
+	WHERE i.indrelid = rel AND i.indisprimary
 	INTO idx;
 
 	RETURN idx;
@@ -27,19 +27,18 @@ $$ LANGUAGE plpgsql;
 
 DO $$
 BEGIN
-	EXECUTE format('ALTER TABLE %s RENAME to %s',
+	EXECUTE pg_catalog.format('ALTER TABLE %s RENAME to %s',
 				   aqo_migrate_to_1_1_get_pk('public.aqo_queries'),
 				   'aqo_queries_query_hash_idx');
 
-	EXECUTE format('ALTER TABLE %s RENAME to %s',
+	EXECUTE pg_catalog.format('ALTER TABLE %s RENAME to %s',
 				   aqo_migrate_to_1_1_get_pk('public.aqo_query_texts'),
 				   'aqo_query_texts_query_hash_idx');
 
-	EXECUTE format('ALTER TABLE %s RENAME to %s',
+	EXECUTE pg_catalog.format('ALTER TABLE %s RENAME to %s',
 				   aqo_migrate_to_1_1_get_pk('public.aqo_query_stat'),
 				   'aqo_query_stat_idx');
 END
 $$;
 
-
 DROP FUNCTION aqo_migrate_to_1_1_get_pk(regclass);
diff --git a/t/000_security.pl b/t/000_security.pl
@@ -0,0 +1,43 @@
+# Acquiring superuser privileges
+use strict;
+use warnings;
+use PostgresNode;
+use TestLib;
+use Test::More tests => 1;
+
+my $node;
+
+# Initialize node
+$node = get_new_node('node');
+$node->init;
+$node->start;
+
+my $query;
+my $is_su;
+
+print($node->safe_psql("postgres", "CREATE USER regress_hacker LOGIN"));
+$is_su = $node->safe_psql('postgres', undef,
+  extra_params => [ '-U', 'regress_hacker', '-c', 'SHOW is_superuser' ]);
+diag("The regress_hacker is superuser: " . $is_su . "\n");
+
+$query = q{
+CREATE FUNCTION format(f text, r regclass, t text)
+RETURNS text
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+  RETURN '';
+END
+$$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT;
+};
+
+print($node->safe_psql('postgres', undef,
+  extra_params => [ '-U', 'regress_hacker', '-c', $query ]) . "\n");
+
+$node->psql("postgres", "CREATE EXTENSION aqo");
+
+$is_su = $node->safe_psql('postgres', undef,
+  extra_params => [ '-U', 'regress_hacker', '-c', 'SHOW is_superuser' ]);
+
+diag("The regress_hacker is superuser: " . $is_su . "\n");
+ok($is_su eq 'off');
