Thread

  1. Re: Add SPLIT PARTITION/MERGE PARTITIONS commands

    Dmitry Koval <d.koval@postgrespro.ru> — 2024-08-30T08:43:10Z

    Hi!
    
    I plan to prepare fixes for issues from email [1] as separate commits 
    (for better code readability). Attachment in this email is a variant of 
    fix for the issue:
    
     > 1. Function createPartitionTable() should be rewritten using
     > partitioned table OID (not name) and without using ProcessUtility().
    
    Patch "Refactor createPartitionTable to remove ProcessUtility call" 
    contains code changes + test (see file 
    v33-0003-Refactor-createPartitionTable-to-remove-ProcessU.patch).
    
    But I'm not sure that refactoring createPartitionTable is the best 
    solution. PostgreSQL code has issue CVE-2014-0062 (commit 5f17304) - see 
    relation_openrv() call in expandTableLikeClause() function [2] (opening 
    relation by name after we got relation Oid).
    Example for reproduce relation_openrv() call:
    
    CREATE TABLE t (b bigint, i int DEFAULT 100);
    CREATE TABLE t1 (LIKE t_bigint INCLUDING ALL);
    
    Commit 04158e7fa3 [3] (by Alexander Korotkov) might be a good fix for 
    this issue. But if we keep commit 04158e7fa3, do we need to refactor the 
    createPartitionTable function (for removing ProcessUtility)?
    Perhaps the existing code
    1) v33-0002-Implement-ALTER-TABLE-.-SPLIT-PARTITION-.-comman.patch
    2) v33-0003-Refactor-createPartitionTable-to-remove-ProcessU.patch +
    with patch 04158e7fa3 will look better.
    
    
    I would be very grateful for comments and suggestions.
    
    Links.
    [1] 
    https://www.postgresql.org/message-id/859476bf-3cb0-455e-b093-b8ab5ef17f0e%40postgrespro.ru
    [2] 
    https://github.com/postgres/postgres/blob/c39afc38cfec7c34b883095062a89a63b221521a/src/backend/parser/parse_utilcmd.c#L1171
    [3] 
    https://github.com/postgres/postgres/commit/04158e7fa37c2dda9c3421ca922d02807b86df19
    
    -- 
    With best regards,
    Dmitry Koval
    
    Postgres Professional: http://postgrespro.com