From 914537edc7827253ee2a1c4f317f6f2ceedb8ab2 Mon Sep 17 00:00:00 2001
From: Daniele Varrazzo <daniele.varrazzo@gmail.com>
Date: Tue, 20 Mar 2018 20:47:06 +0000
Subject: [PATCH] An attempt to restrict the search path to avoid injections

An alternative way to fix #168 which is not as invasive as the changes
in #171.

This currently breaks the current behaviour of the program as the tables
specified on command line are not found.
---
 bin/pgut/pgut-fe.c | 3 +++
 bin/pgut/pgut.c    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/bin/pgut/pgut-fe.c b/bin/pgut/pgut-fe.c
index 5ed4fed..2f3cba6 100644
--- a/bin/pgut/pgut-fe.c
+++ b/bin/pgut/pgut-fe.c
@@ -99,6 +99,9 @@ setup_workers(int num_workers)
 				break;
 			}
 
+			/* Hardcode a search path to avoid injections into public or pg_temp */
+			pgut_command(conn, "SET search_path TO pg_catalog, pg_temp", 0, NULL);
+
             /* Make sure each worker connection can work in non-blocking
              * mode.
              */
diff --git a/bin/pgut/pgut.c b/bin/pgut/pgut.c
index 14ee762..40de8d1 100644
--- a/bin/pgut/pgut.c
+++ b/bin/pgut/pgut.c
@@ -504,6 +504,9 @@ pgut_connect(const char *info, YesNo prompt, int elevel)
 				termStringInfo(&add_pass);
 			free(passwd);
 
+			/* Hardcode a search path to avoid injections into public or pg_temp */
+			pgut_command(conn, "SET search_path TO pg_catalog, pg_temp", 0, NULL);
+
 			return conn;
 		}