Fix SQL injection in logical replication origin checks.
Noah Misch <noah@leadboat.com>
Fix SQL injection in logical replication origin checks. ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and relation names into SQL without quoting them. A crafted subscriber relation name can inject arbitrary SQL on the publisher. Test such a name. Back-patch to v16, where commit 875693019053b8897ec3983e292acbb439b088c3 first appeared. Reported-by: Pavel Kohout <pavel.kohout@aisle.com> Author: Pavel Kohout <pavel.kohout@aisle.com> Reviewed-by: Nathan Bossart <nathandbossart@gmail.com> Backpatch-through: 16 Security: CVE-2026-6638
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/commands/subscriptioncmds.c | modified | +7 −2 |
| src/test/subscription/t/030_origin.pl | modified | +19 −16 |