From e7e7da2f8d57bbe6c8fb463a9eec51486000ba2e Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Mon, 3 Apr 2023 13:11:00 -0400 Subject: [PATCH] Fix possible logical replication crash. Commit c3afe8cf5a1e465bd71e48e4bc717f5bfdc7a7d6 added a new password_required option but forgot that you need database access to check whether an arbitrary role ID is a superuser. Report and patch by Hou Zhijie. I added a comment. Thanks to Alexander Lakhin for devising a way to reproduce the crash. Discussion: http://postgr.es/m/OS0PR01MB5716BFD7EC44284C89F40808948F9@OS0PR01MB5716.jpnprd01.prod.outlook.com --- src/backend/replication/logical/worker.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 6fd674b5d60..ef2a6beb361 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -4545,12 +4545,14 @@ ApplyWorkerMain(Datum main_arg) replorigin_session_setup(originid, 0); replorigin_session_origin = originid; origin_startpos = replorigin_session_get_progress(false); - CommitTransactionCommand(); /* Is the use of a password mandatory? */ must_use_password = MySubscription->passwordrequired && !superuser_arg(MySubscription->owner); + /* Note that the superuser_arg call can access the DB */ + CommitTransactionCommand(); + LogRepWorkerWalRcvConn = walrcv_connect(MySubscription->conninfo, true, must_use_password, MySubscription->name, &err); -- 2.30.2