pgsql: Disallow CR and LF in database, role, and tablespace names

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Andrew Dunstan <[email protected]>
To: [email protected]
Subject: pgsql: Disallow CR and LF in database, role, and tablespace names
Date: Mon, 23 Feb 2026 16:20:21 +0000
Message-ID: <[email protected]> (raw)

Disallow CR and LF in database, role, and tablespace names

Previously, these characters could cause problems when passed through
shell commands, and were flagged with a comment in string_utils.c
suggesting they be rejected in a future major release.

The affected commands are CREATE DATABASE, CREATE ROLE, CREATE TABLESPACE,
ALTER DATABASE RENAME, ALTER ROLE RENAME, and ALTER TABLESPACE RENAME.

Also add a pg_upgrade check to detect these invalid names in clusters
being upgraded from pre-v19 versions, producing a report file listing
any offending objects that must be renamed before upgrading.

Tests have been modified accordingly.

Author: Mahendra Singh Thalor <[email protected]>
Reviewed-By: Álvaro Herrera <[email protected]>
Reviewed-By: Andrew Dunstan <[email protected]>
Reviewed-By: Tom Lane <[email protected]>
Reviewed-By: Nathan Bossart <[email protected]>
Reviewed-By: Srinath Reddy <[email protected]>

Discussion: https://postgr.es/m/CAKYtNApkOi4FY0S7+3jpTqnHVyyZ6Tbzhtbah-NBbY-mGsiKAQ@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/b380a56a3f9556588a89013b765d67947d54f7d0

Modified Files
--------------
src/backend/commands/dbcommands.c                  | 12 ++++
src/backend/commands/tablespace.c                  | 12 ++++
src/backend/commands/user.c                        | 12 ++++
src/bin/pg_dump/t/002_pg_dump.pl                   |  9 +--
src/bin/pg_dump/t/003_pg_dump_with_server.pl       | 16 -----
src/bin/pg_dump/t/010_dump_connstr.pl              | 14 ----
src/bin/pg_upgrade/check.c                         | 79 ++++++++++++++++++++++
src/bin/scripts/t/020_createdb.pl                  | 12 ++++
src/fe_utils/string_utils.c                        |  6 --
.../unsafe_tests/expected/alter_system_table.out   |  5 ++
.../modules/unsafe_tests/expected/rolenames.out    |  4 ++
.../unsafe_tests/sql/alter_system_table.sql        |  4 ++
src/test/modules/unsafe_tests/sql/rolenames.sql    |  2 +
src/test/regress/expected/tablespace.out           |  5 ++
src/test/regress/sql/tablespace.sql                |  4 ++
15 files changed, 153 insertions(+), 43 deletions(-)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: pgsql: Disallow CR and LF in database, role, and tablespace names
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox