Correct pg_recvlogical server version test.

nmisch · nmisch · commit c7cc9b7d4080 · 2018-04-25T18:50:32.000-07:00
The predecessor test boiled down to "PQserverVersion(NULL) >= 100000", which is always false. No release includes that, so it could not have reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the predecessor in commit 8d2814f. Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com
diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
@@ -212,7 +212,7 @@ GetConnection(void)
 	 * 10, so the search path cannot be changed (by us or attackers) on
 	 * earlier versions.
 	 */
-	if (dbname != NULL && PQserverVersion(conn) >= 100000)
+	if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
 	{
 		PGresult   *res;
 

Original file line number	Diff line number	Diff line change
`@@ -212,7 +212,7 @@ GetConnection(void)`
`212`	`212`	`* 10, so the search path cannot be changed (by us or attackers) on`
`213`	`213`	`* earlier versions.`
`214`	`214`	`*/`
`215`		`- if (dbname != NULL && PQserverVersion(conn) >= 100000)`
	`215`	`+ if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)`
`216`	`216`	`{`
`217`	`217`	`PGresult *res;`
`218`	`218`