Tighten pg_get_object_address argument checking

Started by Peter Eisentrautover 3 years ago3 messageshackers

peter_e@gmx.net

over 3 years ago

For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user
mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the
array length of the second argument, but not of the first argument.
If the first argument was too long, it would just silently ignore
everything but the first argument. Fix that by checking the length of
the first argument as well.

I wouldn't be surprised if there were more holes like this in this area.
I just happened to find these while working on something related.

Amit Kapila

amit.kapila16@gmail.com

over 3 years ago

In reply to: Peter Eisentraut (#1)

Re: Tighten pg_get_object_address argument checking

On Tue, Sep 20, 2022 at 11:14 PM Peter Eisentraut
<peter.eisentraut@enterprisedb.com> wrote:

For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user
mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the
array length of the second argument, but not of the first argument.
If the first argument was too long, it would just silently ignore
everything but the first argument. Fix that by checking the length of
the first argument as well.

LGTM.

--
With Regards,
Amit Kapila.

Peter Eisentraut

peter_e@gmx.net

over 3 years ago

In reply to: Amit Kapila (#2)

Re: Tighten pg_get_object_address argument checking

On 21.09.22 12:01, Amit Kapila wrote:

On Tue, Sep 20, 2022 at 11:14 PM Peter Eisentraut
<peter.eisentraut@enterprisedb.com> wrote:

For publication schemas (OBJECT_PUBLICATION_NAMESPACE) and user
mappings (OBJECT_USER_MAPPING), pg_get_object_address() checked the
array length of the second argument, but not of the first argument.
If the first argument was too long, it would just silently ignore
everything but the first argument. Fix that by checking the length of
the first argument as well.

LGTM.

Committed, thanks for checking.

Tighten pg_get_object_address argument checking

Attachments: