diff options
| author | Stephen Frost <sfrost@snowman.net> | 2015-01-12 17:04:11 -0500 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2015-01-28 12:33:15 -0500 |
| commit | 9406884af19e2620a14059e64d4eb6ab430ab328 (patch) | |
| tree | 6da36eedd18ec124129de563af9f86f1e174a79c /src/backend/access/nbtree/nbtinsert.c | |
| parent | 8eb1e9d962b9c960af7b74348b909680d4610dfe (diff) | |
Fix column-privilege leak in error-message paths
While building error messages to return to the user,
BuildIndexValueDescription and ri_ReportViolation would happily include
the entire key or entire row in the result returned to the user, even if
the user didn't have access to view all of the columns being included.
Instead, include only those columns which the user is providing or which
the user has select rights on. If the user does not have any rights
to view the table or any of the columns involved then no detail is
provided and a NULL value is returned from BuildIndexValueDescription.
Note that, for key cases, the user must have access to all of the
columns for the key to be shown; a partial key will not be returned.
Back-patch all the way, as column-level privileges are now in all
supported versions.
This has been assigned CVE-2014-8161, but since the issue and the patch
have already been publicized on pgsql-hackers, there's no point in trying
to hide this commit.
Diffstat (limited to 'src/backend/access/nbtree/nbtinsert.c')
| -rw-r--r-- | src/backend/access/nbtree/nbtinsert.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/backend/access/nbtree/nbtinsert.c b/src/backend/access/nbtree/nbtinsert.c index 29e04350c7b..b288659d98d 100644 --- a/src/backend/access/nbtree/nbtinsert.c +++ b/src/backend/access/nbtree/nbtinsert.c @@ -385,16 +385,20 @@ _bt_check_unique(Relation rel, IndexTuple itup, Relation heapRel, { Datum values[INDEX_MAX_KEYS]; bool isnull[INDEX_MAX_KEYS]; + char *key_desc; index_deform_tuple(itup, RelationGetDescr(rel), values, isnull); + + key_desc = BuildIndexValueDescription(rel, values, + isnull); + ereport(ERROR, (errcode(ERRCODE_UNIQUE_VIOLATION), errmsg("duplicate key value violates unique constraint \"%s\"", RelationGetRelationName(rel)), - errdetail("Key %s already exists.", - BuildIndexValueDescription(rel, - values, isnull)))); + key_desc ? errdetail("Key %s already exists.", + key_desc) : 0)); } } else if (all_dead) |