← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/postgresql-9.1/oneiric-security

« back to all changes in this revision

Viewing changes to src/backend/parser/gram.y

  • Committer: Package Import Robot
  • Author(s): Martin Pitt
  • Date: 2013-02-05 18:13:52 UTC
  • mfrom: (1.1.10) (10.1.5 oneiric-proposed)
  • Revision ID: package-import@ubuntu.com-20130205181352-3kw4f94ilqklzm7c
Tags: 9.1.8-0ubuntu11.10
https://launchpad.net/bugs/1116336
* New upstream security/bug fix release: (LP: #1116336)
  - Prevent execution of enum_recv from SQL
    The function was misdeclared, allowing a simple SQL command to crash the
    server.  In principle an attacker might be able to use it to examine the
    contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
    for reporting this issue. (CVE-2013-0255)
  - See HISTORY/changelog.gz for the other bug fixes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/backend/parser/gram.y
10232
10232
                                        n->location = @1;
10233
10233
                                        $$ = (Node *)n;
10234
10234
                                }
 
10235
                        | select_with_parens indirection
 
10236
                                {
 
10237
                                        /*
 
10238
                                         * Because the select_with_parens nonterminal is designed
 
10239
                                         * to "eat" as many levels of parens as possible, the
 
10240
                                         * '(' a_expr ')' opt_indirection production above will
 
10241
                                         * fail to match a sub-SELECT with indirection decoration;
 
10242
                                         * the sub-SELECT won't be regarded as an a_expr as long
 
10243
                                         * as there are parens around it.  To support applying
 
10244
                                         * subscripting or field selection to a sub-SELECT result,
 
10245
                                         * we need this redundant-looking production.
 
10246
                                         */
 
10247
                                        SubLink *n = makeNode(SubLink);
 
10248
                                        A_Indirection *a = makeNode(A_Indirection);
 
10249
                                        n->subLinkType = EXPR_SUBLINK;
 
10250
                                        n->testexpr = NULL;
 
10251
                                        n->operName = NIL;
 
10252
                                        n->subselect = $1;
 
10253
                                        n->location = @1;
 
10254
                                        a->arg = (Node *)n;
 
10255
                                        a->indirection = check_indirection($2, yyscanner);
 
10256
                                        $$ = (Node *)a;
 
10257
                                }
10235
10258
                        | EXISTS select_with_parens
10236
10259
                                {
10237
10260
                                        SubLink *n = makeNode(SubLink);
12728
12751
        x->args = args;
12729
12752
        /* xmloption, if relevant, must be filled in by caller */
12730
12753
        /* type and typmod will be filled in during parse analysis */
 
12754
        x->type = InvalidOid;                   /* marks the node as not analyzed */
12731
12755
        x->location = location;
12732
12756
        return (Node *) x;
12733
12757
}