Participants
Andrew Dunstan
Andrew Dunstan
Attachments
Show all attachments
Thread Outline
#1Andrew DunstanAndrew Dunstan
May 30, 01:59

pgsql: Avoid leaking system path from pg_available_extensions

Started by Andrew Dunstan28 days ago1 messagescomitters
Jump to latest
#1Andrew Dunstan
Andrew Dunstan
andrew@dunslane.net

Avoid leaking system path from pg_available_extensions

The documentation says that when extension_control_path is set to an
empty string, the default '$system' path is still assumed. However,
get_extension_control_directories() added the system extension directory
with a NULL macro in that case. As a result, pg_available_extensions
could expose the expanded system directory path instead of reporting
'$system' as the location.

Record the implicitly-added system directory with the '$system' macro, so
pg_available_extensions reports the documented symbolic location and does
not leak the actual system path.

Update the extension_control_path TAP test to check the reported location
directly.

Author: Chao Li <lic@highgo.com>
Reviewed-by: Lu Feng <fnlo1995@gmail.com>
Reviewed-by: Matheus Alcantara <matheusssilv97@gmail.com>
Reviewed-by: Jim Jones <jim.jones@uni-muenster.de>
Discussion: /messages/by-id/357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/db5ed03217b9c238703df8b4b286115d6e940488

Modified Files
--------------
src/backend/commands/extension.c | 8 +++++---
src/test/modules/test_extensions/t/001_extension_control_path.pl | 6 +++---
2 files changed, 8 insertions(+), 6 deletions(-)

← Back to Topics