Fix pg_recvlogical for pre-10 versions

In e170b8c8, protection against modified search_path was added. However, PostgreSQL versions prior to 10 does not accept SQL commands over a replication connection, so the protection would generate a syntax error. Since we cannot run SQL commands on it, we are also not vulnerable to the issue that e170b8c8 fixes, so we can just skip this command for older versions. Author: Michael Paquier <michael@paquier.xyz>
author: Magnus Hagander <magnus@hagander.net> 2018-03-18 13:08:25 +0100
committer: Magnus Hagander <magnus@hagander.net> 2018-03-18 13:11:49 +0100
commit: 24ff0fe87755c76a14332a03a08b62b85c9bc91d (patch)
tree: 65eb74e9bab841e43a3a625a0fac4f174a143f76 /src/bin/pg_basebackup/streamutil.c
parent: b3fade55cba65f551fd7315ceedbca930248a525 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
index 8e87099b4ba..92065439457 100644
--- a/src/bin/pg_basebackup/streamutil.c
+++ b/src/bin/pg_basebackup/streamutil.c
@@ -209,8 +209,13 @@ GetConnection(void)
 	if (conn_opts)
 		PQconninfoFree(conn_opts);
 
-	/* Set always-secure search path, so malicious users can't get control. */
-	if (dbname != NULL)
+	/*
+	 * Set always-secure search path, so malicious users can't get control.
+	 * The capacity to run normal SQL queries was added in PostgreSQL
+	 * 10, so the search path cannot be changed (by us or attackers) on
+	 * earlier versions.
+	 */
+	if (dbname != NULL && PQserverVersion(conn) >= 100000)
 	{
 		PGresult   *res;
author	Magnus Hagander <magnus@hagander.net>	2018-03-18 13:08:25 +0100
committer	Magnus Hagander <magnus@hagander.net>	2018-03-18 13:11:49 +0100
commit	24ff0fe87755c76a14332a03a08b62b85c9bc91d (patch)
tree	65eb74e9bab841e43a3a625a0fac4f174a143f76 /src/bin/pg_basebackup/streamutil.c
parent	b3fade55cba65f551fd7315ceedbca930248a525 (diff)