An attempt to restrict the search path to avoid injections

An alternative way to fix #168 which is not as invasive as the changes in #171. This currently breaks the current behaviour of the program as the tables specified on command line are not found.
2018-03-20 20:47:06 +00:00 · 2018-03-20 20:47:06 +00:00 · 914537edc7
commit 914537edc7
parent ce8e283f63
2 changed files with 6 additions and 0 deletions
--- a/bin/pgut/pgut-fe.c
+++ b/bin/pgut/pgut-fe.c
@ -99,6 +99,9 @@ setup_workers(int num_workers)
 				break;
 			}

+			/* Hardcode a search path to avoid injections into public or pg_temp */
+			pgut_command(conn, "SET search_path TO pg_catalog, pg_temp", 0, NULL);
+
            /* Make sure each worker connection can work in non-blocking
             * mode.
             */
--- a/bin/pgut/pgut.c
+++ b/bin/pgut/pgut.c
@ -504,6 +504,9 @@ pgut_connect(const char *info, YesNo prompt, int elevel)
 				termStringInfo(&add_pass);
 			free(passwd);

+			/* Hardcode a search path to avoid injections into public or pg_temp */
+			pgut_command(conn, "SET search_path TO pg_catalog, pg_temp", 0, NULL);
+
 			return conn;
 		}