From 9993fa9dd25d01e99748869b1fb1d6f4dc03960e Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Mon, 5 Aug 2019 07:48:41 -0700
Subject: Require the schema qualification in pg_temp.type_name(arg).

Commit aa27977fe21a7dfa4da4376ad66ae37cb8f0d0b5 introduced this
restriction for pg_temp.function_name(arg); do likewise for types
created in temporary schemas.  Programs that this breaks should add
"pg_temp." schema qualification or switch to arg::type_name syntax.
Back-patch to 9.4 (all supported versions).

Reviewed by Tom Lane.  Reported by Tom Lane.

Security: CVE-2019-10208
---
 src/test/regress/expected/temp.out | 15 +++++++++++++++
 src/test/regress/sql/temp.sql      | 11 +++++++++++
 2 files changed, 26 insertions(+)

(limited to 'src/test')

diff --git a/src/test/regress/expected/temp.out b/src/test/regress/expected/temp.out
index ad7d5581911..eab75dbe2c9 100644
--- a/src/test/regress/expected/temp.out
+++ b/src/test/regress/expected/temp.out
@@ -199,6 +199,21 @@ select pg_temp.whoami();
 (1 row)
 
 drop table public.whereami;
+-- types in temp schema
+set search_path = pg_temp, public;
+create domain pg_temp.nonempty as text check (value <> '');
+-- function-syntax invocation of types matches rules for functions
+select nonempty('');
+ERROR:  function nonempty(unknown) does not exist
+LINE 1: select nonempty('');
+               ^
+HINT:  No function matches the given name and argument types. You might need to add explicit type casts.
+select pg_temp.nonempty('');
+ERROR:  value for domain nonempty violates check constraint "nonempty_check"
+-- other syntax matches rules for tables
+select ''::nonempty;
+ERROR:  value for domain nonempty violates check constraint "nonempty_check"
+reset search_path;
 -- For partitioned temp tables, ON COMMIT actions ignore storage-less
 -- partitioned tables.
 begin;
diff --git a/src/test/regress/sql/temp.sql b/src/test/regress/sql/temp.sql
index e634ddb9ca4..761955bfe6b 100644
--- a/src/test/regress/sql/temp.sql
+++ b/src/test/regress/sql/temp.sql
@@ -152,6 +152,17 @@ select pg_temp.whoami();
 
 drop table public.whereami;
 
+-- types in temp schema
+set search_path = pg_temp, public;
+create domain pg_temp.nonempty as text check (value <> '');
+-- function-syntax invocation of types matches rules for functions
+select nonempty('');
+select pg_temp.nonempty('');
+-- other syntax matches rules for tables
+select ''::nonempty;
+
+reset search_path;
+
 -- For partitioned temp tables, ON COMMIT actions ignore storage-less
 -- partitioned tables.
 begin;
-- 
cgit v1.2.3