refint: Fix SQL injection and buffer overruns. Maliciously crafted key value updates could achieve SQL injection within check_foreign_key(). To fix, ensure new key values are properly quoted and escaped in the internally generated SQL statements. While at it, avoid potential buffer overruns by replacing the stack buffers for internally generated SQL statements with StringInfo.
Reported-by: Nikolay Samokhvalov <[email protected]> Author: Nathan Bossart <[email protected]> Reviewed-by: Noah Misch <[email protected]> Reviewed-by: Tom Lane <[email protected]> Reviewed-by: Fujii Masao <[email protected]> Security: CVE-2026-6637 Backpatch-through: 14 Branch ------ REL_15_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/8053235abe86e8ed4f592ac752903f52369711ee Author: Nathan Bossart <[email protected]> Modified Files -------------- contrib/spi/refint.c | 84 ++++++++++++++++++++++++---------------------------- 1 file changed, 38 insertions(+), 46 deletions(-)
