Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061
author: Noah Misch <noah@leadboat.com> 2014-02-17 09:33:31 -0500
committer: Noah Misch <noah@leadboat.com> 2014-02-17 09:33:31 -0500
commit: 537cbd35c893e67a63c59bc636c3e888bd228bc7 (patch)
tree: 0315dbc61a19a835e3c446122c337655ad8794d4 /src/pl/plpgsql
parent: fea164a72a7bfd50d77ba5fb418d357f8f2bb7d0 (diff)
download: postgresql-537cbd35c893e67a63c59bc636c3e888bd228bc7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/pl/plpgsql/src/pl_handler.c b/src/pl/plpgsql/src/pl_handler.c
index f02203a5fb..f21393ae41 100644
--- a/src/pl/plpgsql/src/pl_handler.c
+++ b/src/pl/plpgsql/src/pl_handler.c
@@ -290,6 +290,9 @@ plpgsql_validator(PG_FUNCTION_ARGS)
 	bool		is_event_trigger = false;
 	int			i;
 
+	if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid))
+		PG_RETURN_VOID();
+
 	/* Get the new function's pg_proc entry */
 	tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid));
 	if (!HeapTupleIsValid(tuple))
author	Noah Misch <noah@leadboat.com>	2014-02-17 09:33:31 -0500
committer	Noah Misch <noah@leadboat.com>	2014-02-17 09:33:31 -0500
commit	537cbd35c893e67a63c59bc636c3e888bd228bc7 (patch)
tree	0315dbc61a19a835e3c446122c337655ad8794d4 /src/pl/plpgsql
parent	fea164a72a7bfd50d77ba5fb418d357f8f2bb7d0 (diff)
download	postgresql-537cbd35c893e67a63c59bc636c3e888bd228bc7.tar.gz