public inbox for [email protected]
help / color / mirror / Atom feedFrom: Noah Misch <[email protected]>
To: [email protected]
Subject: pgsql: Fix SQL injection in logical replication origin checks.
Date: Mon, 11 May 2026 12:19:37 +0000
Message-ID: <[email protected]> (raw)
Fix SQL injection in logical replication origin checks.
ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them. A crafted subscriber
relation name can inject arbitrary SQL on the publisher. Test such a
name. Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.
Reported-by: Pavel Kohout <[email protected]>
Author: Pavel Kohout <[email protected]>
Reviewed-by: Nathan Bossart <[email protected]>
Backpatch-through: 16
Security: CVE-2026-6638
Branch
------
REL_18_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/cb35d730689546dd7334437f2954a6670fbb967e
Modified Files
--------------
src/backend/commands/subscriptioncmds.c | 9 ++++--
src/test/subscription/t/030_origin.pl | 55 +++++++++++++++++----------------
2 files changed, 36 insertions(+), 28 deletions(-)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgsql: Fix SQL injection in logical replication origin checks.
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox