From 02b2e6eec5623ffb9c83a0cf85dcdfe1d48173ed Mon Sep 17 00:00:00 2001
From: Sven Klemm
Date: Tue, 1 Oct 2024 06:37:20 +0200
Subject: [PATCH] Fix sql injection vulnerability in pgsodium.mask_role

pgsodium.mask_role does not properly quote the view_name argument before using it in a generated sql query. This is especially critical since mask_role is a security definer function.
---
sql/pgsodium--3.1.9--3.1.10.sql | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 sql/pgsodium--3.1.9--3.1.10.sql
diff --git a/sql/pgsodium--3.1.9--3.1.10.sql b/sql/pgsodium--3.1.9--3.1.10.sql
new file mode 100644
index 0000000..24250a1
--- /dev/null
+++ b/sql/pgsodium--3.1.9--3.1.10.sql
@@ -0,0 +1,25 @@
+
+CREATE OR REPLACE FUNCTION pgsodium.mask_role(masked_role regrole, source_name text, view_name text)
+ RETURNS void AS
+ $$
+BEGIN
+ EXECUTE format(
+ 'GRANT SELECT ON pgsodium.key TO %s',
+ masked_role);
+
+ EXECUTE format(
+ 'GRANT pgsodium_keyiduser, pgsodium_keyholder TO %s',
+ masked_role);
+
+ EXECUTE format(
+ 'GRANT ALL ON %I TO %s',
+ view_name,
+ masked_role);
+ RETURN;
+END
+$$
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+ SET search_path='pg_catalog, pg_temp'
+;
+
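Review bot: The closing `SET search_path='pg_catalog, pg_temp'` passes the list as one quoted string, which PostgreSQL treats as a single schema literally named `pg_catalog, pg_temp`, so `pg_temp` is not pinned last and temporary relations are still searched first for the unqualified name in `GRANT ALL ON %I`. For a SECURITY DEFINER function I would write it unquoted, `SET search_path = pg_catalog, pg_temp`. Separately, `%I` quotes `view_name` as one identifier, so a caller that passes a schema-qualified name such as `schema.view` would now get a lookup failure; if callers do that (not visible in this patch), resolving it with `view_name::regclass` and formatting with `%s` keeps the quoting safe while accepting qualified names. Whether EXECUTE on this function is restricted is also outside this file and worth confirming, since the body grants `pgsodium_keyiduser` and `pgsodium_keyholder` to whatever role is passed.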