Be more wary of false matches in initdb's replace_token(). Do not replace the target string unless the occurrence is surrounded by whitespace or line start/end. This avoids potential false match to a substring of a field. While we've not had trouble with that up to now, the next patch creates hazards of false matches to POSTGRES within an ACL field.
There is one call site that needs adjustment, as it was presuming it could write "::1" and have that match "::1/128". For all the others, this restriction is okay and strictly safer. Author: Tom Lane <[email protected]> Reviewed-by: Álvaro Herrera <[email protected]> Discussion: https://postgr.es/m/[email protected] Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/7664319ccb0288b3b13b111b0d88ec7881f3c5bf Modified Files -------------- src/bin/initdb/initdb.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-)
