Fixed security CVE_2020_14350. Added tests

dlepikhova · dlepikhova · commit f0e83041ebfc · 2020-11-09T15:03:50.000+05:00
diff --git a/Makefile b/Makefile
@@ -6,7 +6,7 @@ OBJS = src/shared_ispell.o
 EXTENSION = shared_ispell
 DATA = shared_ispell--1.1.0.sql
 
-REGRESS = shared_ispell
+REGRESS = security shared_ispell
 
 EXTRA_REGRESS_OPTS=--temp-config=$(top_srcdir)/$(subdir)/postgresql.conf
 
diff --git a/expected/security.out b/expected/security.out
@@ -0,0 +1,40 @@
+create type si_dicts_result as (dict_name VARCHAR, affix_name VARCHAR, words INT, affixes INT, bytes INT);
+create function shared_ispell_dicts( OUT dict_name VARCHAR, OUT affix_name VARCHAR, OUT words INT, OUT affixes INT, OUT bytes INT)
+returns SETOF record as $$
+declare
+    qString varchar(4000);
+    rec si_dicts_result;
+begin
+    qString := 'select * from shared_ispell_dicts()';
+    for rec in execute qString loop
+        return NEXT;
+    end loop;
+    return;
+end
+$$ language plpgsql;
+create extension shared_ispell;
+ERROR:  function "shared_ispell_dicts" already exists with same argument types
+drop extension if exists shared_ispell;
+NOTICE:  extension "shared_ispell" does not exist, skipping
+drop type si_dicts_result;
+drop function shared_ispell_dicts;
+create type si_stoplists_result as (stop_name VARCHAR, words INT, bytes INT);
+create function shared_ispell_stoplists(OUT stop_name VARCHAR, OUT words INT, OUT bytes INT)
+returns SETOF record as $$
+declare 
+    rec si_stoplists_result;
+    qString varchar(4000);
+begin
+    qString := 'select * from shared_ispell_stoplists()';
+    for rec in execute qString loop
+        return NEXT;
+    end loop;
+    return;
+end
+$$ language plpgsql;
+create extension shared_ispell;
+ERROR:  function "shared_ispell_stoplists" already exists with same argument types
+drop extension if exists shared_ispell;
+NOTICE:  extension "shared_ispell" does not exist, skipping
+drop type si_stoplists_result;
+drop function shared_ispell_stoplists;
diff --git a/shared_ispell--1.1.0.sql b/shared_ispell--1.1.0.sql
@@ -1,34 +1,34 @@
-CREATE OR REPLACE FUNCTION shared_ispell_init(internal)
+CREATE FUNCTION shared_ispell_init(internal)
 	RETURNS internal
 	AS 'MODULE_PATHNAME', 'dispell_init'
 	LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_lexize(internal,internal,internal,internal)
+CREATE FUNCTION shared_ispell_lexize(internal,internal,internal,internal)
 	RETURNS internal
 	AS 'MODULE_PATHNAME', 'dispell_lexize'
 	LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_reset()
+CREATE FUNCTION shared_ispell_reset()
 	RETURNS void
 	AS 'MODULE_PATHNAME', 'dispell_reset'
 	LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_mem_used()
+CREATE FUNCTION shared_ispell_mem_used()
 	RETURNS integer
 	AS 'MODULE_PATHNAME', 'dispell_mem_used'
 	LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_mem_available()
+CREATE FUNCTION shared_ispell_mem_available()
 	RETURNS integer
 	AS 'MODULE_PATHNAME', 'dispell_mem_available'
 	LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_dicts( OUT dict_name VARCHAR, OUT affix_name VARCHAR, OUT words INT, OUT affixes INT, OUT bytes INT)
+CREATE FUNCTION shared_ispell_dicts( OUT dict_name VARCHAR, OUT affix_name VARCHAR, OUT words INT, OUT affixes INT, OUT bytes INT)
     RETURNS SETOF record
     AS 'MODULE_PATHNAME', 'dispell_list_dicts'
     LANGUAGE C IMMUTABLE;
 
-CREATE OR REPLACE FUNCTION shared_ispell_stoplists( OUT stop_name VARCHAR, OUT words INT, OUT bytes INT)
+CREATE FUNCTION shared_ispell_stoplists( OUT stop_name VARCHAR, OUT words INT, OUT bytes INT)
     RETURNS SETOF record
     AS 'MODULE_PATHNAME', 'dispell_list_stoplists'
     LANGUAGE C IMMUTABLE;
diff --git a/sql/security.sql b/sql/security.sql
@@ -0,0 +1,43 @@
+create type si_dicts_result as (dict_name VARCHAR, affix_name VARCHAR, words INT, affixes INT, bytes INT);
+
+create function shared_ispell_dicts( OUT dict_name VARCHAR, OUT affix_name VARCHAR, OUT words INT, OUT affixes INT, OUT bytes INT)
+returns SETOF record as $$
+declare
+    qString varchar(4000);
+    rec si_dicts_result;
+begin
+    qString := 'select * from shared_ispell_dicts()';
+    for rec in execute qString loop
+        return NEXT;
+    end loop;
+    return;
+end
+$$ language plpgsql;
+
+create extension shared_ispell;
+
+drop extension if exists shared_ispell;
+drop type si_dicts_result;
+drop function shared_ispell_dicts;
+
+create type si_stoplists_result as (stop_name VARCHAR, words INT, bytes INT);
+
+create function shared_ispell_stoplists(OUT stop_name VARCHAR, OUT words INT, OUT bytes INT)
+returns SETOF record as $$
+declare 
+    rec si_stoplists_result;
+    qString varchar(4000);
+begin
+    qString := 'select * from shared_ispell_stoplists()';
+    for rec in execute qString loop
+        return NEXT;
+    end loop;
+    return;
+end
+$$ language plpgsql;
+
+create extension shared_ispell;
+
+drop extension if exists shared_ispell;
+drop type si_stoplists_result;
+drop function shared_ispell_stoplists;
