projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 605fdb9) | patch
Convert newlines to spaces in names written in v11+ pg_dump comments.
authorNoah Misch <[email protected]>
Mon, 11 Aug 2025 13:18:59 +0000 (06:18 -0700)
committerNoah Misch <[email protected]>
Mon, 11 Aug 2025 13:19:03 +0000 (06:19 -0700)
commit13a67ce6034ed674a4e797c6f1545831189be02e
tree92e1e6253ce51cbf308d2d63c42a7ae33eba2739tree
parent605fdb989b8c4213907560ae90f2188425bf77edcommit | diff
Convert newlines to spaces in names written in v11+ pg_dump comments.

Maliciously-crafted object names could achieve SQL injection during
restore.  CVE-2012-0868 fixed this class of problem at the time, but
later work reintroduced three cases.  Commit
bc8cd50fefd369b217f80078585c486505aafb62 (back-patched to v11+ in
2023-05 releases) introduced the pg_dump case.  Commit
6cbdbd9e8d8f2986fde44f2431ed8d0c8fce7f5d (v12+) introduced the two
pg_dumpall cases.  Move sanitize_line(), unchanged, to dumputils.c so
pg_dumpall has access to it in all supported versions.  Back-patch to
v13 (all supported versions).

Reviewed-by: Robert Haas <[email protected]>
Reviewed-by: Nathan Bossart <[email protected]>
Backpatch-through: 13
Security: CVE-2025-8715
src/bin/pg_dump/dumputils.c diff | blob | blame | history
src/bin/pg_dump/dumputils.h diff | blob | blame | history
src/bin/pg_dump/pg_backup_archiver.c diff | blob | blame | history
src/bin/pg_dump/pg_dump.c diff | blob | blame | history
src/bin/pg_dump/pg_dumpall.c diff | blob | blame | history
src/bin/pg_dump/t/002_pg_dump.pl diff | blob | blame | history
src/bin/pg_dump/t/003_pg_dump_with_server.pl diff | blob | blame | history
This is the main PostgreSQL git repository.