refint: Fix SQL injection and buffer overruns. Maliciously crafted key value updates could achieve SQL injection within check_foreign_key(). To fix, ensure new key values are properly quoted and escaped in the internally generated SQL statements. While at it, avoid potential buffer overruns by replacing the stack buffers for internally generated SQL statements with StringInfo.
Reported-by: Nikolay Samokhvalov <[email protected]> Author: Nathan Bossart <[email protected]> Reviewed-by: Noah Misch <[email protected]> Reviewed-by: Tom Lane <[email protected]> Reviewed-by: Fujii Masao <[email protected]> Security: CVE-2026-6637 Backpatch-through: 14 Branch ------ REL_16_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/710995782fa388f3878a86e1d9ed68db8abc4276 Author: Nathan Bossart <[email protected]> Modified Files -------------- contrib/spi/refint.c | 84 ++++++++++++++++++++++++---------------------------- 1 file changed, 38 insertions(+), 46 deletions(-)
