This breaks from the CVE-2014-0062 (commit 5f17304) principle of not repeating
name lookups.  The attached demo uses this defect to make one partition have
two parents.

Thank you very much for the information (especially for the demo)!

I'm not sure that we can get the identifier of the newly created partition from the ProcessUtility() function... Maybe it would be enough to check that the new partition is located in the namespace in which we created it (see attachment)?

--
With best regards,
Dmitry Koval

Postgres Professional: http://postgrespro.com
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index 0b2a52463f..a1937d078b 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -20388,6 +20388,14 @@ createPartitionTable(RangeVar *newPartName, Relation 
modelRel,
         */
        newRel = table_openrv(newPartName, NoLock);
 
+       /* Check for case namespace was renamed during partition creation. */
+       if (RelationGetNamespace(newRel) != RelationGetNamespace(modelRel))
+               ereport(ERROR,
+                               (errcode(ERRCODE_WRONG_OBJECT_TYPE),
+                                errmsg("cannot create partition because 
namespace \"%s\" was changed to \"%s\"",
+                                               
get_namespace_name(RelationGetNamespace(newRel)),
+                                               
get_namespace_name(RelationGetNamespace(modelRel)))));
+
        /*
         * We intended to create the partition with the same persistence as the
         * parent table, but we still need to recheck because that might be
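
Review bot: the check added after table_openrv(newPartName, NoLock) compares the namespace of newRel with the namespace of modelRel, which does not establish that newRel is the relation this function just created. The relation is still found by a second name lookup, so the repeated-lookup concern is narrowed rather than removed. Comparing against the namespace OID resolved for newPartName at creation time, instead of the model relation's namespace, would also avoid rejecting a new partition whose name is qualified with a schema other than modelRel's, if that is permitted here. The comment says "renamed", but a rename does not change the namespace OID that RelationGetNamespace() returns, so the comment should describe the name resolving to a different namespace. In the errmsg the first %s receives newRel's namespace and the second receives modelRel's, which reads reversed against "was changed to". ERRCODE_WRONG_OBJECT_TYPE also looks like a poor fit for this condition.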
