pg_createsubscriber: Obstruct SQL injection via subscription names.

drop_existing_subscription() neglected to escape the subscription name when generating its query string. To fix, use PQescapeIdentifier() to construct a properly escaped name, and use it in the ALTER SUBSCRIPTION and DROP SUBSCRIPTION commands.
Reported-by: Yu Kunpeng <[email protected]>
Author: Nathan Bossart <[email protected]>
Reviewed-by: Amit Kapila <[email protected]>
Security: CVE-2026-6476
Backpatch-through: 17

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/d389415ffad509f0de1342e6ebbb5d5c62dbedef

Author: Nathan Bossart <[email protected]>

Modified Files
--------------
src/bin/pg_basebackup/pg_createsubscriber.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
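The fix described in the commit message swaps verbatim interpolation of the subscription name for identifier quoting. The following C program, added here as an illustration and not code from the PostgreSQL commit, contrasts the two patterns. It does not link against libpq; instead, `quote_identifier()` is a stand-alone reimplementation of the rule PQescapeIdentifier() applies (wrap in double quotes, double every embedded double quote), and `count_statements()` is a small helper that counts `;` terminators outside quoted identifiers so the effect is checkable. The subscription name `my;sub` is a constructed sample, and the helper and function names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Quote an SQL identifier by the same rule libpq's PQescapeIdentifier()
 * applies: wrap it in double quotes and double every embedded double quote.
 * Stand-alone reimplementation for illustration, not libpq code.
 * The caller frees the returned buffer.
 */
char *quote_identifier(const char *name)
{
    size_t len = strlen(name);
    char *out = malloc(2 * len + 3);    /* worst case: all quotes, + 2 delimiters + NUL */
    char *p;

    if (out == NULL)
        return NULL;
    p = out;
    *p++ = '"';
    for (; *name != '\0'; name++)
    {
        if (*name == '"')
            *p++ = '"';                 /* double the embedded quote */
        *p++ = *name;
    }
    *p++ = '"';
    *p = '\0';
    return out;
}

/* Pre-fix pattern: the name is pasted into the command unchanged. */
char *drop_subscription_unsafe(const char *subname)
{
    size_t n = strlen("DROP SUBSCRIPTION ;") + strlen(subname) + 1;
    char *sql = malloc(n);

    if (sql != NULL)
        snprintf(sql, n, "DROP SUBSCRIPTION %s;", subname);
    return sql;
}

/* Fixed pattern: the name is run through identifier quoting first. */
char *drop_subscription_safe(const char *subname)
{
    char *q = quote_identifier(subname);
    size_t n;
    char *sql;

    if (q == NULL)
        return NULL;
    n = strlen("DROP SUBSCRIPTION ;") + strlen(q) + 1;
    sql = malloc(n);
    if (sql != NULL)
        snprintf(sql, n, "DROP SUBSCRIPTION %s;", q);
    free(q);
    return sql;
}

/*
 * Count ';' terminators that sit outside a double-quoted identifier.
 * A doubled quote inside an identifier toggles the state twice, so it is
 * handled correctly.  A command built from a single name should yield 1.
 */
int count_statements(const char *sql)
{
    int in_ident = 0, count = 0;

    for (; *sql != '\0'; sql++)
    {
        if (*sql == '"')
            in_ident = !in_ident;
        else if (*sql == ';' && !in_ident)
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: a legal but awkward name containing a semicolon. */
    const char *name = "my;sub";
    char *unsafe = drop_subscription_unsafe(name);
    char *safe = drop_subscription_safe(name);

    printf("unsafe: %s  (%d statements)\n", unsafe, count_statements(unsafe));
    printf("safe:   %s  (%d statements)\n", safe, count_statements(safe));
    free(unsafe);
    free(safe);
    return 0;
}
```

With the sample name, the unquoted command splits into two statements while the quoted one stays a single `DROP SUBSCRIPTION` referring to the exact name; the same quoting step would be applied when building the ALTER SUBSCRIPTION commands the commit mentions. In real code, use PQescapeIdentifier() itself (and free its result with PQfreemem()) rather than a hand-written copy of the rule.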
