Skip to content

Commit 461c32b

Browse files
nmischnmisch
committed
Back-patch non-static ExecuteSqlQueryForSingleRow().
Back-patch a subset of commit 47e5969 to 9.4 and 9.3. The next commit adds calls to this function. Security: CVE-2018-1058
1 parent 9f6e529 commit 461c32b

File tree

3 files changed

+24
-24
lines changed

3 files changed

+24
-24
lines changed

src/bin/pg_dump/pg_backup_db.c

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -406,6 +406,29 @@ ExecuteSqlQuery(Archive *AHX, const char *query, ExecStatusType status)
406406
return res;
407407
}
408408

409+
/*
410+
* Execute an SQL query and verify that we got exactly one row back.
411+
*/
412+
PGresult *
413+
ExecuteSqlQueryForSingleRow(Archive *fout, char *query)
414+
{
415+
PGresult *res;
416+
int ntups;
417+
418+
res = ExecuteSqlQuery(fout, query, PGRES_TUPLES_OK);
419+
420+
/* Expecting a single result only */
421+
ntups = PQntuples(res);
422+
if (ntups != 1)
423+
exit_horribly(NULL,
424+
ngettext("query returned %d row instead of one: %s\n",
425+
"query returned %d rows instead of one: %s\n",
426+
ntups),
427+
ntups, query);
428+
429+
return res;
430+
}
431+
409432
/*
410433
* Convenience function to send a query.
411434
* Monitors result to detect COPY statements

src/bin/pg_dump/pg_backup_db.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ extern int ExecuteSqlCommandBuf(ArchiveHandle *AH, const char *buf, size_t bufLe
1515
extern void ExecuteSqlStatement(Archive *AHX, const char *query);
1616
extern PGresult *ExecuteSqlQuery(Archive *AHX, const char *query,
1717
ExecStatusType status);
18+
extern PGresult *ExecuteSqlQueryForSingleRow(Archive *fout, char *query);
1819

1920
extern void EndDBCopyMode(ArchiveHandle *AH, struct _tocEntry * te);
2021

src/bin/pg_dump/pg_dump.c

Lines changed: 0 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -281,7 +281,6 @@ static bool nonemptyReloptions(const char *reloptions);
281281
static void fmtReloptionsArray(Archive *fout, PQExpBuffer buffer,
282282
const char *reloptions, const char *prefix);
283283
static char *get_synchronized_snapshot(Archive *fout);
284-
static PGresult *ExecuteSqlQueryForSingleRow(Archive *fout, char *query);
285284
static void setupDumpWorker(Archive *AHX, RestoreOptions *ropt);
286285

287286

@@ -15638,26 +15637,3 @@ fmtReloptionsArray(Archive *fout, PQExpBuffer buffer, const char *reloptions,
1563815637
if (options)
1563915638
free(options);
1564015639
}
15641-
15642-
/*
15643-
* Execute an SQL query and verify that we got exactly one row back.
15644-
*/
15645-
static PGresult *
15646-
ExecuteSqlQueryForSingleRow(Archive *fout, char *query)
15647-
{
15648-
PGresult *res;
15649-
int ntups;
15650-
15651-
res = ExecuteSqlQuery(fout, query, PGRES_TUPLES_OK);
15652-
15653-
/* Expecting a single result only */
15654-
ntups = PQntuples(res);
15655-
if (ntups != 1)
15656-
exit_horribly(NULL,
15657-
ngettext("query returned %d row instead of one: %s\n",
15658-
"query returned %d rows instead of one: %s\n",
15659-
ntups),
15660-
ntups, query);
15661-
15662-
return res;
15663-
}

0 commit comments

Comments
 (0)