Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061
author: Noah Misch 2014-02-17 14:33:31 +0000
committer: Noah Misch 2014-02-17 14:33:36 +0000
commit: 23b5a85e60c464ab8bc438a547a4b15260ca9453 (patch)
tree: a7052c7e2039ec185e9b44fdf9b1596c48396a3c /src/pl/plpython/plpython.c
parent: 5d320a16ca544d6e125e962ed325463ad8bec240 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/pl/plpython/plpython.c b/src/pl/plpython/plpython.c
index 57801cc252e..7610031af19 100644
--- a/src/pl/plpython/plpython.c
+++ b/src/pl/plpython/plpython.c
@@ -519,6 +519,9 @@ plpython_validator(PG_FUNCTION_ARGS)
 	Form_pg_proc procStruct;
 	bool		is_trigger;
 
+	if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid))
+		PG_RETURN_VOID();
+
 	if (!check_function_bodies)
 	{
 		PG_RETURN_VOID();
@@ -5012,6 +5015,7 @@ PG_FUNCTION_INFO_V1(plpython2_validator);
 Datum
 plpython2_validator(PG_FUNCTION_ARGS)
 {
+	/* call plpython validator with our fcinfo so it gets our oid */
 	return plpython_validator(fcinfo);
 }
author	Noah Misch	2014-02-17 14:33:31 +0000
committer	Noah Misch	2014-02-17 14:33:36 +0000
commit	23b5a85e60c464ab8bc438a547a4b15260ca9453 (patch)
tree	a7052c7e2039ec185e9b44fdf9b1596c48396a3c /src/pl/plpython/plpython.c
parent	5d320a16ca544d6e125e962ed325463ad8bec240 (diff)