• Heikki Linnakangas's avatar
    Fix permission checks on constraint violation errors on partitions. · 6214e2b2
    Heikki Linnakangas authored
    If a cross-partition UPDATE violates a constraint on the target partition,
    and the columns in the new partition are in different physical order than
    in the parent, the error message can reveal columns that the user does not
    have SELECT permission on. A similar bug was fixed earlier in commit
    804b6b6d.
    
    The cause of the bug is that the callers of the
    ExecBuildSlotValueDescription() function got confused when constructing
    the list of modified columns. If the tuple was routed from a parent, we
    converted the tuple to the parent's format, but the list of modified
    columns was grabbed directly from the child's RTE entry.
    
    ExecUpdateLockMode() had a similar issue. That lead to confusion on which
    columns are key columns, leading to wrong tuple lock being taken on tables
    referenced by foreign keys, when a row is updated with INSERT ON CONFLICT
    UPDATE. A new isolation test is added for that corner case.
    
    With this patch, the ri_RangeTableIndex field is no longer set for
    partitions that don't have an entry in the range table. Previously, it was
    set to the RTE entry of the parent relation, but that was confusing.
    
    NOTE: This modifies the ResultRelInfo struct, replacing the
    ri_PartitionRoot field with ri_RootResultRelInfo. That's a bit risky to
    backpatch, because it breaks any extensions accessing the field. The
    change that ri_RangeTableIndex is not set for partitions could potentially
    break extensions, too. The ResultRelInfos are visible to FDWs at least,
    and this patch required small changes to postgres_fdw. Nevertheless, this
    seem like the least bad option. I don't think these fields widely used in
    extensions; I don't think there are FDWs out there that uses the FDW
    "direct update" API, other than postgres_fdw. If there is, you will get a
    compilation error, so hopefully it is caught quickly.
    
    Backpatch to 11, where support for both cross-partition UPDATEs, and unique
    indexes on partitioned tables, were added.
    
    Reviewed-by: Amit Langote
    Security: CVE-2021-3393
    6214e2b2
executor.h 23.6 KB