On Tue, Apr 17, 2018 at 03:38:13PM +0900, Michael Paquier wrote:
> On Tue, Apr 17, 2018 at 03:01:33AM -0300, Euler Taveira wrote:
> > A proposed fix is attached. It should be applied to 9.4, 9.5, 9.6, and
> > 10. (Although, client version 10 can connect to server version 10,
> > client version 10 can't connect to server version 9.6.)
> >
> > Comments?
>
> The exact same fix has already applied on all stable branches:
> - af5fbb1286 -> REL9_4_STABLE
> - 24ff0fe877 -> REL9_5_STABLE
> - 59743deca9 -> REL9_6_STABLE
> - e7d3a37d99 -> REL_10_STABLE
> - 8d2814f274 -> master
That change is testing the wrong variable. I plan to repair it as attached.
I ran check-world with the following and found no similar defects:
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -6106,4 +6106,5 @@ int
PQserverVersion(const PGconn *conn)
{
+ Assert(conn);
if (!conn)
return 0;
commit 8ef98fe (HEAD, master)
Author: Noah Misch <[email protected]>
AuthorDate: Sun Apr 22 14:46:58 2018 -0700
Commit: Noah Misch <[email protected]>
CommitDate: Sun Apr 22 14:46:58 2018 -0700
Correct pg_recvlogical server version test.
The predecessor test boiled down to "PQserverVersion(NULL) >= 100000",
which is always false. No release includes that, so it could not have
reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the
predecessor in commit 8d2814f274def85f39fbe997d454b01628cb5667.
Discussion: https://postgr.es/m/TBD
---
src/bin/pg_basebackup/streamutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bin/pg_basebackup/streamutil.c
b/src/bin/pg_basebackup/streamutil.c
index 4fd5369..77ae91f 100644
--- a/src/bin/pg_basebackup/streamutil.c
+++ b/src/bin/pg_basebackup/streamutil.c
@@ -223,7 +223,7 @@ GetConnection(void)
* 10, so the search path cannot be changed (by us or attackers) on
* earlier versions.
*/
- if (dbname != NULL && PQserverVersion(conn) >= 100000)
+ if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
{
PGresult *res;
