Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package plv8. The new version fixes a security problem.
diff -Nru plv8-1.4.8.ds/debian/changelog plv8-1.4.9.ds/debian/changelog
--- plv8-1.4.8.ds/debian/changelog 2017-01-14 21:15:06.000000000 +0100
+++ plv8-1.4.9.ds/debian/changelog 2017-03-22 19:01:08.000000000 +0100
@@ -1,3 +1,9 @@
+plv8 (1:1.4.9.ds-1) unstable; urgency=medium
+
+ * Security bugfix release: Check for permission to call functions.
+
+ -- Christoph Berg <myon@debian.org> Wed, 22 Mar 2017 19:01:08 +0100
+
plv8 (1:1.4.8.ds-3) unstable; urgency=medium
* Remove Evgeni from Uploaders. Thanks!
diff -Nru plv8-1.4.8.ds/expected/startup.out plv8-1.4.9.ds/expected/startup.out
--- plv8-1.4.8.ds/expected/startup.out 2013-06-20 16:49:58.000000000 +0200
+++ plv8-1.4.9.ds/expected/startup.out 2017-03-22 19:01:01.000000000 +0100
@@ -1,7 +1,7 @@
-- test startup failure
set plv8.start_proc = foo;
do $$ plv8.elog(NOTICE, 'foo = ' + foo) $$ language plv8;
-WARNING: failed to find js function function "foo" does not exist
+WARNING: failed to find js function function "foo()" does not exist
ERROR: ReferenceError: foo is not defined
DETAIL: undefined() LINE 1: plv8.elog(NOTICE, 'foo = ' + foo)
\c
diff -Nru plv8-1.4.8.ds/Makefile plv8-1.4.9.ds/Makefile
--- plv8-1.4.8.ds/Makefile 2016-04-21 11:00:49.000000000 +0200
+++ plv8-1.4.9.ds/Makefile 2017-03-22 19:01:01.000000000 +0100
@@ -12,7 +12,7 @@
# 'make static' will download v8 and build, then statically link to it.
#
#-----------------------------------------------------------------------------#
-PLV8_VERSION = 1.4.8
+PLV8_VERSION = 1.4.9
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
diff -Nru plv8-1.4.8.ds/META.json plv8-1.4.9.ds/META.json
--- plv8-1.4.8.ds/META.json 2016-04-21 11:00:49.000000000 +0200
+++ plv8-1.4.9.ds/META.json 2017-03-22 19:01:01.000000000 +0100
@@ -2,7 +2,7 @@
"name": "plv8",
"abstract": "A procedural language in JavaScript powered by V8",
"description": "plv8 is a trusted procedural language that is safe to use, fast to run and easy to develop.",
- "version": "1.4.8",
+ "version": "1.4.9",
"maintainer": [
"Jerry Sievert <code@legitimatesounding.com>",
"Hitoshi Harada <umi.tanuki@gmail.com>"
@@ -24,21 +24,21 @@
},
"provides": {
"plv8": {
- "file": "plv8--1.4.8.sql",
+ "file": "plv8--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in JavaScript"
},
"plcoffee": {
- "file": "plcoffee--1.4.8.sql",
+ "file": "plcoffee--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in CoffeeScript"
},
"plls": {
- "file": "plls--1.4.8.sql",
+ "file": "plls--1.4.9.sql",
"docfile": "doc/plv8.md",
- "version": "1.4.8",
+ "version": "1.4.9",
"abstract": "A procedural language in LiveScript"
}
},
diff -Nru plv8-1.4.8.ds/plv8.cc plv8-1.4.9.ds/plv8.cc
--- plv8-1.4.8.ds/plv8.cc 2016-04-21 10:59:10.000000000 +0200
+++ plv8-1.4.9.ds/plv8.cc 2017-03-22 19:01:01.000000000 +0100
@@ -191,7 +191,7 @@
_PG_init(void)
{
HASHCTL hash_ctl = { 0 };
-
+
hash_ctl.keysize = sizeof(Oid);
hash_ctl.entrysize = sizeof(plv8_proc_cache);
hash_ctl.hash = oid_hash;
@@ -1263,6 +1263,18 @@
return ThrowException(Exception::Error(String::New(message)));
}
+static text *
+charToText(char *string)
+{
+ int len = strlen(string);
+ text *result = (text *) palloc(len + 1 + VARHDRSZ);
+
+ SET_VARSIZE(result, len + VARHDRSZ);
+ memcpy(VARDATA(result), string, len + 1);
+
+ return result;
+}
+
static Persistent<Context>
GetGlobalContext()
{
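Review bot: `charToText` hand-builds a varlena that PostgreSQL's `cstring_to_text()` already produces, and `int len = strlen(string)` narrows a `size_t` before it feeds the `palloc` size. Where the supported server versions provide the helper, the two call sites could simply read `arg1 = cstring_to_text(proc);`. If the local function is kept, declare `size_t len`, take `const char *string`, and add a comment such as `/* copies the trailing NUL too; it lies outside the declared varlena size */` so the `len + 1` in `palloc` and `memcpy` is not mistaken for an off-by-one.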
@@ -1307,10 +1319,40 @@
Context::Scope context_scope(global_context);
TryCatch try_catch;
MemoryContext ctx = CurrentMemoryContext;
+ text *arg1, *arg2;
+ FunctionCallInfoData fake_fcinfo;
+ FmgrInfo flinfo;
+
+ char proc[NAMEDATALEN + 32];
+ strcpy(proc, plv8_start_proc);
+ strcat(proc, "()");
+ char perm[16];
+ strcpy(perm, "EXECUTE");
+ arg1 = charToText(proc);
+ arg2 = charToText(perm);
+
+ MemSet(&fake_fcinfo, 0, sizeof(fake_fcinfo));
+ MemSet(&flinfo, 0, sizeof(flinfo));
+ fake_fcinfo.flinfo = &flinfo;
+ flinfo.fn_oid = InvalidOid;
+ flinfo.fn_mcxt = CurrentMemoryContext;
+ fake_fcinfo.nargs = 2;
+ fake_fcinfo.arg[0] = CStringGetDatum(arg1);
+ fake_fcinfo.arg[1] = CStringGetDatum(arg2);
PG_TRY();
{
- func = find_js_function_by_name(plv8_start_proc);
+ Datum ret = has_function_privilege_name(&fake_fcinfo);
+
+ if (ret == 0) {
+ elog(WARNING, "failed to find js function %s", plv8_start_proc);
+ } else {
+ if (DatumGetBool(ret)) {
+ func = find_js_function_by_name(plv8_start_proc);
+ } else {
+ elog(WARNING, "no permission to execute js function %s", plv8_start_proc);
+ }
+ }
}
PG_CATCH();
{
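Review bot: `strcpy(proc, plv8_start_proc)` followed by `strcat(proc, "()")` copies the setting into a fixed `char proc[NAMEDATALEN + 32]` with no length check, so an over-long `plv8.start_proc` value would write past the stack buffer. Nothing visible in this hunk bounds that string, and the regression test sets it with a plain `SET`, so size the buffer from `strlen(plv8_start_proc)` instead. Separately, `if (ret == 0)` treats a false boolean result as "not found", so the "no permission" branch appears unreachable and a denied lookup is reported as "failed to find js function". The `text *` arguments should also be wrapped with `PointerGetDatum` rather than `CStringGetDatum`. The enclosing function starts and ends outside the hunk.

```cpp
// … unchanged: declarations of arg1, arg2, fake_fcinfo, flinfo …
size_t	proc_len = strlen(plv8_start_proc);
char   *proc = (char *) palloc(proc_len + sizeof("()"));

memcpy(proc, plv8_start_proc, proc_len);
memcpy(proc + proc_len, "()", sizeof("()"));	/* includes the NUL */
// … unchanged: perm setup, charToText calls, MemSet and flinfo setup …
fake_fcinfo.arg[0] = PointerGetDatum(arg1);
fake_fcinfo.arg[1] = PointerGetDatum(arg2);
PG_TRY();
{
	/* a missing function raises ERROR and is reported by PG_CATCH */
	if (DatumGetBool(has_function_privilege_name(&fake_fcinfo)))
		func = find_js_function_by_name(plv8_start_proc);
	else
		elog(WARNING, "no permission to execute js function %s", plv8_start_proc);
}
```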
unblock plv8/1:1.4.9.ds-1
Thanks,
Christoph