Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Add auditEventStack null check in pgaudit_ExecutorCheckPerms_hook #250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add auditEventStack null check in pgaudit_ExecutorCheckPerms_hook #250

wants to merge 1 commit into from

Conversation

tanscorpio7
Copy link

@tanscorpio7 tanscorpio7 commented Aug 29, 2024
edited
Loading

Description

Fix crash inside log_select_dml when called with an empty
auditEventStack. log_select_dml only logs an event after
executing this line.

pgaudit/pgaudit.c

Line 1148 in c214a2e

auditEventStack->auditEvent.granted = false;

This expects auditEventStack to be non empty but some
extensions could be calling ExecCheckRTPerms outside
of executor or processUtility with an empty auditEventStack
which results in NPE crash.

As a fix, always check for auditEventStack to be non empty in
pgaudit_ExecutorCheckPerms_hook before calling
log_select_dml and avoid the crash.

An IF branch in pgaudit_ExecutorCheckPerms_hook is
already checking for auditEventStack != NULL

pgaudit/pgaudit.c

Line 1491 in c214a2e

if (auditLogRows && auditEventStack != NULL)

Issues

#212

Sign Off

Signed-off-by: Tanzeel Khan tzlkhan@amazon.com

@tanscorpio7
check for not null auditEventStack before calling log_select_dml in p…
1c4f2aa 
…gaudit_ExecutorCheckPerms_hook

Signed-off-by: Tanzeel Khan <tzlkhan@amazon.com>
@dwsteele dwsteele self-requested a review September 25, 2024 11:44
@dwsteele dwsteele self-assigned this Sep 25, 2024
@dwsteele
Copy link
Contributor

I'm still not convinced that pgAudit needs to compensate for odd things that other extensions do. Seems like a rabbit hole we don't want to go down.

@dwsteele dwsteele changed the base branch from main to integration October 31, 2024 22:47
@bigplaice
Copy link

I'm still not convinced that pgAudit needs to compensate for odd things that other extensions do. Seems like a rabbit hole we don't want to go down.

Hi, David, in my opinion, I don't think pgAudit is compensating for something, it just stops bad things from becoming worse.

@CyberDem0n CyberDem0n mentioned this pull request Mar 13, 2025
Open
@dwsteele
Copy link
Contributor

dwsteele commented Jun 4, 2025
edited
Loading

This will be addressed by PR #272.

@dwsteele dwsteele closed this Jun 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwsteele dwsteele Awaiting requested review from dwsteele

Assignees

@dwsteele dwsteele

Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tanscorpio7 @dwsteele @bigplaice
Morty Proxy This is a proxified and sanitized view of the page, visit original site.