refint: Fix SQL injection and buffer overruns.

Maliciously crafted key value updates could achieve SQL injection
within check_foreign_key().  To fix, ensure new key values are
properly quoted and escaped in the internally generated SQL
statements.  While at it, avoid potential buffer overruns by
replacing the stack buffers for internally generated SQL statements
with StringInfo.

Reported-by: Nikolay Samokhvalov <[email protected]>
Author: Nathan Bossart <[email protected]>
Reviewed-by: Noah Misch <[email protected]>
Reviewed-by: Tom Lane <[email protected]>
Reviewed-by: Fujii Masao <[email protected]>
Security: CVE-2026-6637
Backpatch-through: 14

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/2dc64ef28b3696d202628f852c6a97ae8a2e2a62
Author: Nathan Bossart <[email protected]>

Modified Files
--------------
contrib/spi/refint.c | 84 ++++++++++++++++++++++++----------------------------
1 file changed, 38 insertions(+), 46 deletions(-)
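
The two measures the commit message names, shown as an added stand-alone C example (not code from this commit or from PostgreSQL): a key value is emitted as a quoted, escaped SQL literal, and the statement is built in a growable buffer instead of a fixed stack array. StrBuf, the sb_* helpers and build_update are hypothetical names; the table and column names are constructed and assumed to be trusted identifiers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable string (hypothetical stand-in for a dynamic buffer). */
typedef struct { char *data; size_t len, cap; } StrBuf;

static void sb_append(StrBuf *b, const char *s, size_t n) {
    if (b->len + n + 1 > b->cap) {
        while (b->len + n + 1 > b->cap) b->cap = b->cap ? b->cap * 2 : 64;
        b->data = realloc(b->data, b->cap);   /* grows; never truncates */
        if (!b->data) abort();
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
}

static void sb_puts(StrBuf *b, const char *s) { sb_append(b, s, strlen(s)); }

/* Append v as a SQL string literal: double ' and \, use E'...' if \ occurs. */
static void sb_append_literal(StrBuf *b, const char *v) {
    if (strchr(v, '\\')) sb_puts(b, "E");
    sb_puts(b, "'");
    for (; *v; v++) {
        if (*v == '\'' || *v == '\\') sb_append(b, v, 1);  /* escape by doubling */
        sb_append(b, v, 1);
    }
    sb_puts(b, "'");
}

/* Assumption: rel and col are trusted identifiers; only newval is untrusted.
 * Returns a malloc'd statement that the caller frees. */
char *build_update(const char *rel, const char *col, const char *newval) {
    StrBuf b = {0};
    sb_puts(&b, "UPDATE ");
    sb_puts(&b, rel);
    sb_puts(&b, " SET ");
    sb_puts(&b, col);
    sb_puts(&b, " = ");
    sb_append_literal(&b, newval);
    return b.data;
}

int main(void) {
    /* Constructed sample value containing a quote character. */
    char *q = build_update("child", "refkey", "O'Brien");
    puts(q);
    free(q);
    return 0;
}
```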
