Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp> wrote:
> pg_read_file() takes byte-offset and length as arguments,
> but we don't check the result text with pg_verify_mbstr().
> Should pg_read_file() return bytea instead of text or adding
> some codes to verify the input? Only superusers are allowed
> to use the function, but it is still dangerous.
Here is a patch to modify the result type of pg_read_file to bytea.
I think it is a possibly-security hole -- it might be safe because only
supersusers can use the function, but it is still dangerous.
We can still use the function to read a text file:
SELECT convert_from(pg_read_file(...), 'encoding')
If we want to keep backward compatibility, the issue can be fixed
by adding pg_verifymbstr() to the function. We can also have the
binary version in another name, like pg_read_binary_file().
Which solution is better? Comments welcome.
Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center