postgresql/contrib/spi
Nathan Bossart 1ebda7da9a refint: Fix SQL injection and buffer overruns.
Maliciously crafted key value updates could achieve SQL injection
within check_foreign_key().  To fix, ensure new key values are
properly quoted and escaped in the internally generated SQL
statements.  While at it, avoid potential buffer overruns by
replacing the stack buffers for internally generated SQL statements
with StringInfo.

Reported-by: Nikolay Samokhvalov <nik@postgres.ai>
Author: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Fujii Masao <masao.fujii@gmail.com>
Security: CVE-2026-6637
Backpatch-through: 14
2026-05-11 05:13:48 -07:00
expected Move contrib/spi testing from core regression tests to contrib/spi. 2025-04-08 19:12:03 -04:00
sql Move contrib/spi testing from core regression tests to contrib/spi. 2025-04-08 19:12:03 -04:00
.gitignore Move contrib/spi testing from core regression tests to contrib/spi. 2025-04-08 19:12:03 -04:00
autoinc--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
autoinc.c Use PG_MODULE_MAGIC_EXT in our installable shared libraries. 2025-03-26 11:11:02 -04:00
autoinc.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
autoinc.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
insert_username--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
insert_username.c Use PG_MODULE_MAGIC_EXT in our installable shared libraries. 2025-03-26 11:11:02 -04:00
insert_username.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
insert_username.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
Makefile Move contrib/spi testing from core regression tests to contrib/spi. 2025-04-08 19:12:03 -04:00
meson.build Move contrib/spi testing from core regression tests to contrib/spi. 2025-04-08 19:12:03 -04:00
moddatetime--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
moddatetime.c Use PG_MODULE_MAGIC_EXT in our installable shared libraries. 2025-03-26 11:11:02 -04:00
moddatetime.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
moddatetime.example Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
refint--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
refint.c refint: Fix SQL injection and buffer overruns. 2026-05-11 05:13:48 -07:00
refint.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
refint.example Fix inconsistencies and typos in the tree, take 10 2019-08-13 13:53:41 +09:00