external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid possible information leakage about existing users (#6090)

pull/6095/head
Jelte Fennema 2022-07-27 17:46:32 +02:00 committed by GitHub
parent 2b2a529653
commit 0f50bef696
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/backend/distributed/shared_library_init.c
View File

@ -2498,7 +2498,11 @@ CitusAuthHook(Port *port, int status)
/* /*
* IsSuperuser returns whether the role with the given name is superuser. * IsSuperuser returns whether the role with the given name is superuser. If
* the user doesn't exist, this simply returns false instead of throwing an
* error. This is done to not leak information about users existing or not, in
* some cases postgres is vague about this on purpose. So, by returning false
* we let postgres return this possibly vague error message.
*/ */
static bool static bool
IsSuperuser(char *roleName) IsSuperuser(char *roleName)
@ -2511,9 +2515,7 @@ IsSuperuser(char *roleName)
HeapTuple roleTuple = SearchSysCache1(AUTHNAME, CStringGetDatum(roleName)); HeapTuple roleTuple = SearchSysCache1(AUTHNAME, CStringGetDatum(roleName));
if (!HeapTupleIsValid(roleTuple)) if (!HeapTupleIsValid(roleTuple))
{ {
ereport(FATAL, return false;
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("role \"%s\" does not exist", roleName)));
} }
Form_pg_authid rform = (Form_pg_authid) GETSTRUCT(roleTuple); Form_pg_authid rform = (Form_pg_authid) GETSTRUCT(roleTuple);