postgresql/contrib/pageinspect
Alvaro Herrera 3e1338475f Add missing checks to some of pageinspect's BRIN functions
brin_page_type() and brin_metapage_info() did not enforce being called
by superuser, like other pageinspect functions that take bytea do.
Since they don't verify the passed page thoroughly, it is possible to
use them to read the server memory with a carefully crafted bytea value,
up to a file kilobytes from where the input bytea is located.

Have them throw errors if called by a non-superuser.

Report and initial patch: Andreas Seltenreich

Security: CVE-2016-3065
2016-03-28 10:57:42 -03:00
..
brinfuncs.c Add missing checks to some of pageinspect's BRIN functions 2016-03-28 10:57:42 -03:00
btreefuncs.c Restructure index access method API to hide most of it at the C level. 2016-01-17 19:36:59 -05:00
fsmfuncs.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
ginfuncs.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
heapfuncs.c Update copyright for 2016 2016-01-02 13:33:40 -05:00
Makefile Improve pageinspect module 2015-11-25 16:31:55 +03:00
pageinspect--1.0--1.1.sql Fix typos in some error messages thrown by extension scripts when fed to psql. 2014-08-25 18:30:37 +02:00
pageinspect--1.1--1.2.sql Fix typos in some error messages thrown by extension scripts when fed to psql. 2014-08-25 18:30:37 +02:00
pageinspect--1.2--1.3.sql pageinspect/BRIN: minor tweaks 2014-12-02 12:20:50 -03:00
pageinspect--1.3--1.4.sql Add forgotten file in commit d6061f83a1 2015-11-25 16:59:07 +03:00
pageinspect--1.4.sql Improve pageinspect module 2015-11-25 16:31:55 +03:00
pageinspect--unpackaged--1.0.sql Fix typos in some error messages thrown by extension scripts when fed to psql. 2014-08-25 18:30:37 +02:00
pageinspect.control Improve pageinspect module 2015-11-25 16:31:55 +03:00
rawpage.c Update copyright for 2016 2016-01-02 13:33:40 -05:00