Your message dated Sat, 25 Mar 2017 18:01:30 +0000
with message-id <[email protected]>
and subject line unblock plv8
has caused the Debian Bug report #858650,
regarding unblock: plv8/1:1.4.9.ds-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
858650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858650
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package plv8. The new version fixes a security problem.
diff -Nru plv8-1.4.8.ds/debian/changelog plv8-1.4.9.ds/debian/changelog
--- plv8-1.4.8.ds/debian/changelog 2017-01-14 21:15:06.000000000 +0100
+++ plv8-1.4.9.ds/debian/changelog 2017-03-22 19:01:08.000000000 +0100
@@ -1,3 +1,9 @@
+plv8 (1:1.4.9.ds-1) unstable; urgency=medium
+
+ * Security bugfix release: Check for permission to call functions.
+
+ -- Christoph Berg <[email protected]> Wed, 22 Mar 2017 19:01:08 +0100
+
plv8 (1:1.4.8.ds-3) unstable; urgency=medium
* Remove Evgeni from Uploaders. Thanks!
diff -Nru plv8-1.4.8.ds/expected/startup.out plv8-1.4.9.ds/expected/startup.out
--- plv8-1.4.8.ds/expected/startup.out 2013-06-20 16:49:58.000000000 +0200
+++ plv8-1.4.9.ds/expected/startup.out 2017-03-22 19:01:01.000000000 +0100
@@ -1,7 +1,7 @@
-- test startup failure
set plv8.start_proc = foo;
do $$ plv8.elog(NOTICE, 'foo = ' + foo) $$ language plv8;
-WARNING: failed to find js function function "foo" does not exist
+WARNING: failed to find js function function "foo()" does not exist
ERROR: ReferenceError: foo is not defined
DETAIL: undefined() LINE 1: plv8.elog(NOTICE, 'foo = ' + foo)
\c
diff -Nru plv8-1.4.8.ds/Makefile plv8-1.4.9.ds/Makefile
--- plv8-1.4.8.ds/Makefile 2016-04-21 11:00:49.000000000 +0200
+++ plv8-1.4.9.ds/Makefile 2017-03-22 19:01:01.000000000 +0100
@@ -12,7 +12,7 @@
# 'make static' will download v8 and build, then statically link to it.
#
#-----------------------------------------------------------------------------#
-PLV8_VERSION = 1.4.8
+PLV8_VERSION = 1.4.9
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
diff -Nru plv8-1.4.8.ds/META.json plv8-1.4.9.ds/META.json
--- plv8-1.4.8.ds/META.json 2016-04-21 11:00:49.000000000 +0200
+++ plv8-1.4.9.ds/META.json 2017-03-22 19:01:01.000000000 +0100
@@ -2,7 +2,7 @@
"name": "plv8",
"abstract": "A procedural language in JavaScript powered by V8",
"description": "plv8 is a trusted procedural language that is safe to use,
fast to run and easy to develop.",
- "version": "1.4.8",
+ "version": "1.4.9",
"maintainer": [
"Jerry Sievert <[email protected]>",
"Hitoshi Harada <[email protected]>"
@@ -24,21 +24,21 @@
},
"provides": {
"plv8": {
- "file": "plv8--1.4.8.sql",
+ "file": "plv8--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in JavaScript"
},
"plcoffee": {
- "file": "plcoffee--1.4.8.sql",
+ "file": "plcoffee--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in CoffeeScript"
},
"plls": {
- "file": "plls--1.4.8.sql",
+ "file": "plls--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in LiveScript"
}
},
diff -Nru plv8-1.4.8.ds/plv8.cc plv8-1.4.9.ds/plv8.cc
--- plv8-1.4.8.ds/plv8.cc 2016-04-21 10:59:10.000000000 +0200
+++ plv8-1.4.9.ds/plv8.cc 2017-03-22 19:01:01.000000000 +0100
@@ -191,7 +191,7 @@
_PG_init(void)
{
HASHCTL hash_ctl = { 0 };
-
+
hash_ctl.keysize = sizeof(Oid);
hash_ctl.entrysize = sizeof(plv8_proc_cache);
hash_ctl.hash = oid_hash;
@@ -1263,6 +1263,18 @@
return ThrowException(Exception::Error(String::New(message)));
}
+static text *
+charToText(char *string)
+{
+ int len = strlen(string);
+ text *result = (text *) palloc(len + 1 + VARHDRSZ);
+
+ SET_VARSIZE(result, len + VARHDRSZ);
+ memcpy(VARDATA(result), string, len + 1);
+
+ return result;
+}
+
static Persistent<Context>
GetGlobalContext()
{
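Review bot: The new `charToText` helper re-implements PostgreSQL's existing `cstring_to_text()` and has a few avoidable rough edges: it stores the `strlen()` result in an `int`, takes a non-const `char *`, and copies `len + 1` bytes so a trailing NUL sits in the allocation outside the declared varlena size. Calling `cstring_to_text(proc)` and `cstring_to_text(perm)` at the two call sites would let this function be dropped entirely. If it is kept, declare it as `charToText(const char *string)`, use `size_t len = strlen(string);`, and add a one-line comment saying the result is palloc'd in the current memory context.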
@@ -1307,10 +1319,40 @@
Context::Scope context_scope(global_context);
TryCatch try_catch;
MemoryContext ctx = CurrentMemoryContext;
+ text *arg1, *arg2;
+ FunctionCallInfoData fake_fcinfo;
+ FmgrInfo flinfo;
+
+ char proc[NAMEDATALEN + 32];
+ strcpy(proc, plv8_start_proc);
+ strcat(proc, "()");
+ char perm[16];
+ strcpy(perm, "EXECUTE");
+ arg1 = charToText(proc);
+ arg2 = charToText(perm);
+
+ MemSet(&fake_fcinfo, 0, sizeof(fake_fcinfo));
+ MemSet(&flinfo, 0, sizeof(flinfo));
+ fake_fcinfo.flinfo = &flinfo;
+ flinfo.fn_oid = InvalidOid;
+ flinfo.fn_mcxt = CurrentMemoryContext;
+ fake_fcinfo.nargs = 2;
+ fake_fcinfo.arg[0] = CStringGetDatum(arg1);
+ fake_fcinfo.arg[1] = CStringGetDatum(arg2);
PG_TRY();
{
- func =
find_js_function_by_name(plv8_start_proc);
+ Datum ret =
has_function_privilege_name(&fake_fcinfo);
+
+ if (ret == 0) {
+ elog(WARNING, "failed to find js
function %s", plv8_start_proc);
+ } else {
+ if (DatumGetBool(ret)) {
+ func =
find_js_function_by_name(plv8_start_proc);
+ } else {
+ elog(WARNING, "no permission to
execute js function %s", plv8_start_proc);
+ }
+ }
}
PG_CATCH();
{
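Review bot: `strcpy(proc, plv8_start_proc)` followed by `strcat(proc, "()")` copies a configuration string of unchecked length into the fixed `char proc[NAMEDATALEN + 32]` stack buffer, so a long `plv8.start_proc` value (a schema-qualified or quoted name, say) can write past the end of it, in the very code that adds the permission check. Build the signature without a fixed limit instead, e.g. `StringInfoData buf; initStringInfo(&buf); appendStringInfo(&buf, "%s()", plv8_start_proc);`, and pass `buf.data` to the text conversion. Separately, `has_function_privilege_name` returns a boolean Datum, so `ret == 0` most likely means "privilege denied" rather than "not found"; a missing function appears to raise an error that lands in `PG_CATCH`, as the updated expected/startup.out suggests. That would make the inner "no permission" branch unreachable and the "failed to find" warning misleading, so a plain `if (DatumGetBool(ret)) ... else elog(WARNING, "no permission to execute js function %s", plv8_start_proc);` is enough. The arguments are `text *`, so `PointerGetDatum(arg1)` is the accurate macro rather than `CStringGetDatum`; the enclosing function starts and ends outside this hunk.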
unblock plv8/1:1.4.9.ds-1
Thanks,
Christoph
--- End Message ---
--- Begin Message ---
Unblocked plv8.
--- End Message ---