From 0f9398b34a5484edbb93cb7771d6204bb37b6f7c Mon Sep 17 00:00:00 2001 From: "Chao Li (Evan)" Date: Wed, 20 May 2026 08:49:15 +0800 Subject: [PATCH v1] Avoid leaking system path from pg_available_extensions The documentation says that when extension_control_path is set to an empty string, the default '$system' path is still assumed. However, get_extension_control_directories() added the system extension directory with a NULL macro in that case. As a result, pg_available_extensions could expose the expanded system directory path instead of reporting '$system' as the location. Record the implicitly-added system directory with the '$system' macro, so pg_available_extensions reports the documented symbolic location and does not leak the actual system path. Update the extension_control_path TAP test to check the reported location directly. Author: Chao Li Reviewed-by: Discussion: https://postgr.es/m/ --- src/backend/commands/extension.c | 2 +- .../modules/test_extensions/t/001_extension_control_path.pl | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c index a330b5fd6ce..98f9d7018ae 100644 --- a/src/backend/commands/extension.c +++ b/src/backend/commands/extension.c @@ -526,7 +526,7 @@ get_extension_control_directories(void) { ExtensionLocation *location = palloc_object(ExtensionLocation); - location->macro = NULL; + location->macro = pstrdup("$system"); location->loc = system_dir; paths = lappend(paths, location); } diff --git a/src/test/modules/test_extensions/t/001_extension_control_path.pl b/src/test/modules/test_extensions/t/001_extension_control_path.pl index c1cec0dc622..4a013a7da4b 100644 --- a/src/test/modules/test_extensions/t/001_extension_control_path.pl +++ b/src/test/modules/test_extensions/t/001_extension_control_path.pl @@ -109,10 +109,10 @@ is($ret, "t", "\$system extension is shown correctly in pg_available_extensions"); $ret = $node->safe_psql('postgres', - "set extension_control_path = ''; select count(*) > 0 as ok from pg_available_extensions where name = 'plpgsql'" + "set extension_control_path = ''; select location from pg_available_extensions where name = 'plpgsql'" ); -is($ret, "t", - "\$system extension is shown correctly in pg_available_extensions with empty extension_control_path" +is($ret, "\$system", + "\$system location is shown correctly in pg_available_extensions with empty extension_control_path" ); # Test with an extension that does not exists -- 2.50.1 (Apple Git-155)