postgresql/src/tools
Noah Misch e8f4922c86 Obstruct shell, SQL, and conninfo injection via database and role names.
Due to simplistic quoting and confusion of database names with conninfo
strings, roles with the CREATEDB or CREATEROLE option could escalate to
superuser privileges when a superuser next ran certain maintenance
commands.  The new coding rule for PQconnectdbParams() calls, documented
at conninfo_array_parse(), is to pass expand_dbname=true and wrap
literal database names in a trivial connection string.  Escape
zero-length values in appendConnStrVal().  Back-patch to 9.1 (all
supported versions).

Nathan Bossart, Michael Paquier, and Noah Misch.  Reviewed by Peter
Eisentraut.  Reported by Nathan Bossart.

Security: CVE-2016-5424
2016-08-08 10:07:53 -04:00
backend Lots of doc corrections. 2012-04-23 22:43:09 -04:00
editors Small update to emacs example configuration 2011-04-23 00:47:01 +03:00
entab entab: Improve makefile 2012-04-24 21:20:55 +03:00
findoidjoins Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
ifaddrs Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
make_diff Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
msvc Obstruct shell, SQL, and conninfo injection via database and role names. 2016-08-08 10:07:53 -04:00
pginclude Exclude utils/probes.h and pg_trace.h from cpluspluscheck 2013-03-01 22:43:47 -05:00
pgindent Remove 'for' loop perltidy argument, and move args to perltidyrc file. 2012-06-16 10:12:50 -04:00
ccsym Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
check_bison_recursion.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00
check_keywords.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00
codelines Fix remaining stray references to CVS. 2010-09-22 19:51:39 -04:00
copyright.pl Run updated copyright.pl on HEAD and 9.2 trees, updating the psql 2012-07-06 12:28:18 -04:00
FAQ2txt Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
find_badmacros Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
find_static Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
find_typedef Remove BSD/OS (BSDi) port. There are no known users upgrading to 2012-05-03 10:58:44 -04:00
git-external-diff Add comment to tools/git-external-diff. 2011-03-11 05:06:31 -05:00
git_changelog Mark git_changelog examples with the proper executable names. 2012-05-02 20:42:44 -04:00
make_ctags Mention original ctags option name. 2012-02-24 16:19:18 -05:00
make_etags Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
make_keywords Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
make_mkid Add another pgdefine path check, and a cvs-git change. 2011-08-26 21:52:35 -04:00
pgtest Modify tools/pgtest to run the 'make' command from a variable, and default 2011-12-30 16:29:25 -05:00
RELEASE_CHANGES Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
version_stamp.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00
win32tzlist.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00