Correct pg_recvlogical server version test.

nmisch · nmisch · commit 32c247629367 · 2018-04-25T18:50:33.000-07:00
The predecessor test boiled down to "PQserverVersion(NULL) >= 100000", which is always false. No release includes that, so it could not have reintroduced CVE-2018-1058. Back-patch to 9.4, like the addition of the predecessor in commit 8d2814f. Discussion: https://postgr.es/m/20180422215551.GB2676194@rfd.leadboat.com
diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
@@ -215,7 +215,7 @@ GetConnection(void)
 	 * 10, so the search path cannot be changed (by us or attackers) on
 	 * earlier versions.
 	 */
-	if (dbname != NULL && PQserverVersion(conn) >= 100000)
+	if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)
 	{
 		PGresult   *res;
 

Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,7 @@ GetConnection(void)`
`215`	`215`	`* 10, so the search path cannot be changed (by us or attackers) on`
`216`	`216`	`* earlier versions.`
`217`	`217`	`*/`
`218`		`- if (dbname != NULL && PQserverVersion(conn) >= 100000)`
	`218`	`+ if (dbname != NULL && PQserverVersion(tmpconn) >= 100000)`
`219`	`219`	`{`
`220`	`220`	`PGresult *res;`
`221`	`221`