Correct pg_recvlogical server version test.

nmisch · nmisch · commit 6336b6dfc5c5 · 2018-04-25T18:50:29.000-07:00
The predecessor test boiled down to "PQserverVersion(NULL) >= 100000", which is always false. No release includes that, so it could not have reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the predecessor in commit 8d2814f. Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com
diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
@@ -223,7 +223,7 @@ GetConnection(void)
 	 * 10, so the search path cannot be changed (by us or attackers) on
 	 * earlier versions.
 	 */
-	if (dbname != NULL && PQserverVersion(conn) >= 100000)
+	if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
 	{
 		PGresult   *res;
 

Original file line number	Diff line number	Diff line change
`@@ -223,7 +223,7 @@ GetConnection(void)`
`223`	`223`	`* 10, so the search path cannot be changed (by us or attackers) on`
`224`	`224`	`* earlier versions.`
`225`	`225`	`*/`
`226`		`- if (dbname != NULL && PQserverVersion(conn) >= 100000)`
	`226`	`+ if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)`
`227`	`227`	`{`
`228`	`228`	`PGresult *res;`
`229`	`229`