projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e428cd0) | patch
Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart <[email protected]>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart <[email protected]>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commit952ff31e2a89e8ca79ecb12d61fddbeac3d89176
tree5bc7bb20a64566bf5ee61ff64c7ee0caf794ca33tree
parente428cd058f0bebb5782b0c263565b0ad088e9650commit | diff
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/executor/functions.c diff | blob | blame | history
src/backend/rewrite/rewriteHandler.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
src/tools/pgindent/typedefs.list diff | blob | blame | history
This is the main PostgreSQL git repository.