From 32c247629367c827b09e65d135d0a26fc91eb8fa Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Wed, 25 Apr 2018 18:50:29 -0700 Subject: [PATCH] Correct pg_recvlogical server version test. The predecessor test boiled down to "PQserverVersion(NULL) >= 100000", which is always false. No release includes that, so it could not have reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the predecessor in commit 8d2814f274def85f39fbe997d454b01628cb5667. Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com --- src/bin/pg_basebackup/streamutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c index 97484aa573..933091ff1f 100644 --- a/src/bin/pg_basebackup/streamutil.c +++ b/src/bin/pg_basebackup/streamutil.c @@ -215,7 +215,7 @@ GetConnection(void) * 10, so the search path cannot be changed (by us or attackers) on * earlier versions. */ - if (dbname != NULL && PQserverVersion(conn) >= 100000) + if (dbname != NULL && PQserverVersion(tmpconn) >= 100000) { PGresult *res;