Validate the OID argument of pg_import_system_collations().

"SELECT pg_import_system_collations(0)" caused an assertion failure.
With a random nonzero argument --- or indeed with zero, in non-assert
builds --- it would happily make pg_collation entries with garbage
values of collnamespace.  These are harmless as far as I can tell
(unless maybe the OID happens to become used for a schema, later on?).
In any case this isn't a security issue, since the function is
superuser-only.  But it seems like a gotcha for unwary DBAs, so let's
add a check that the given OID belongs to some schema.

Back-patch to v10 where this function was introduced.

diff --git a/src/backend/commands/collationcmds.c b/src/backend/commands/collationcmds.c
index a7ee452e192eb9968181e89fde12eda21f260d6c..55a0e24a35a7bb4a4208474fca3a5129c444af8a 100644 (file)
--- a/src/backend/commands/collationcmds.c
+++ b/src/backend/commands/collationcmds.c
@@ -407,14 +407,16 @@ pg_import_system_collations(PG_FUNCTION_ARGS)
    Oid         nspid = PG_GETARG_OID(0);
    int         ncreated = 0;
 
-   /* silence compiler warning if we have no locale implementation at all */
-   (void) nspid;
-
    if (!superuser())
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("must be superuser to import system collations")));
 
+   if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(nspid)))
+       ereport(ERROR,
+               (errcode(ERRCODE_UNDEFINED_SCHEMA),
+                errmsg("schema with OID %u does not exist", nspid)));
+
    /* Load collations known to libc, using "locale -a" to enumerate them */
 #ifdef READ_LOCALE_A_OUTPUT
    {