Restrict tsearch config file base names to contain a-z, 0-9, and underscore,
instead of the initial policy of whatever isalpha() likes. Per discussion.
This commit is contained in:
parent
e7889b83b7
commit
6d871a2538
|
@ -7,7 +7,7 @@
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $PostgreSQL: pgsql/src/backend/tsearch/ts_utils.c,v 1.3 2007/08/25 00:03:59 tgl Exp $
|
* $PostgreSQL: pgsql/src/backend/tsearch/ts_utils.c,v 1.4 2007/09/04 02:16:56 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -38,22 +38,22 @@ get_tsearch_config_filename(const char *basename,
|
||||||
{
|
{
|
||||||
char sharepath[MAXPGPATH];
|
char sharepath[MAXPGPATH];
|
||||||
char *result;
|
char *result;
|
||||||
const char *p;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We enforce that the basename is all alpha characters. This may be
|
* We limit the basename to contain a-z, 0-9, and underscores. This may
|
||||||
* overly restrictive, but we don't want to allow access to anything
|
* be overly restrictive, but we don't want to allow access to anything
|
||||||
* outside the tsearch_data directory, so for instance '/' *must* be
|
* outside the tsearch_data directory, so for instance '/' *must* be
|
||||||
* rejected. This is the same test used for timezonesets names.
|
* rejected, and on some platforms '\' and ':' are risky as well.
|
||||||
|
* Allowing uppercase might result in incompatible behavior between
|
||||||
|
* case-sensitive and case-insensitive filesystems, and non-ASCII
|
||||||
|
* characters create other interesting risks, so on the whole a tight
|
||||||
|
* policy seems best.
|
||||||
*/
|
*/
|
||||||
for (p = basename; *p; p++)
|
if (strspn(basename, "abcdefghijklmnopqrstuvwxyz0123456789_") != strlen(basename))
|
||||||
{
|
ereport(ERROR,
|
||||||
if (!isalpha((unsigned char) *p))
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
||||||
ereport(ERROR,
|
errmsg("invalid text search configuration file name \"%s\"",
|
||||||
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
basename)));
|
||||||
errmsg("invalid text search configuration file name \"%s\"",
|
|
||||||
basename)));
|
|
||||||
}
|
|
||||||
|
|
||||||
get_share_path(my_exec_path, sharepath);
|
get_share_path(my_exec_path, sharepath);
|
||||||
result = palloc(MAXPGPATH);
|
result = palloc(MAXPGPATH);
|
||||||
|
|
Loading…
Reference in New Issue