
Commit 95c1dbc

A collection of small fixes for the SCRAM patch.
* Add required #includes for htonl. Per buildfarm members pademelon/gaur. * Remove unnecessary "#include <utils/memutils>". * Fix checking for empty string in pg_SASL_init. (Reported by Peter Eisentraut and his compiler) * Move code in pg_SASL_init to match the recent changes (commit ba005f1) to pg_fe_sendauth() function, where it's copied from. * Return value of malloc() was not checked for NULL in scram_SaltedPassword(). Fix by avoiding the malloc().
1 parent 3bc7daf commit 95c1dbc


2 files changed

+14
-23
lines changed


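--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@@ -15,11 +15,14 @@
 */
 #ifndef FRONTEND
 #include "postgres.h"
-#include "utils/memutils.h"
 #else
 #include "postgres_fe.h"
 #endif
 
+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
 #include "common/scram-common.h"
 
 #define HMAC_IPAD 0x36
@@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
 }
 
 /*
-* Normalize a password for SCRAM authentication.
+* Encrypt password for SCRAM authentication. This basically applies the
+* normalization of the password and a hash calculation using the salt
+* value given by caller.
 */
 static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+uint8 *result)
 {
 /*
 * XXX: Here SASLprep should be applied on password. However, per RFC5802,
@@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
 * the frontend in order to be able to encode properly this string, and
 * then apply SASLprep on it.
 */
-memcpy(result, password, strlen(password) + 1);
-}
-
-/*
-* Encrypt password for SCRAM authentication. This basically applies the
-* normalization of the password and a hash calculation using the salt
-* value given by caller.
-*/
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
-uint8 *result)
-{
-char *pwbuf;
 
-pwbuf = (char *) malloc(strlen(password) + 1);
-scram_Normalize(password, pwbuf);
-scram_Hi(pwbuf, salt, saltlen, iterations, result);
-free(pwbuf);
+scram_Hi(password, salt, saltlen, iterations, result);
 }
 
 /*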
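Review bot: The header comment now attached to scram_SaltedPassword() in the second hunk still says the function "applies the normalization of the password", but the new body in the third hunk passes `password` straight to scram_Hi(), and the XXX comment says SASLprep should be applied rather than that it is. With scram_Normalize() removed there is no normalization step left, so the comment overstates what callers get; a password with non-ASCII characters is presumably hashed as whatever bytes the client supplied. I would reword the header to something like `* Calculate SaltedPassword from the raw password bytes; SASLprep normalization is NOT applied yet (see XXX below).` Part of the XXX comment lies between the hunks and is not visible here.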

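--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
 */
 if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
 {
-char *password = conn->connhost[conn->whichhost].password;
+char *password;
 
+conn->password_needed = true;
+password = conn->connhost[conn->whichhost].password;
 if (password == NULL)
 password = conn->pgpass;
-conn->password_needed = true;
-if (password == NULL || password == '\0')
+if (password == NULL || password[0] == '\0')
 {
 printfPQExpBuffer(&conn->errorMessage,
 PQnoPasswordSupplied);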
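Review bot: Nothing in this hunk tells a later editor that the password lookup in pg_SASL_init() (per-host password, then `conn->pgpass`, then the NULL/empty check) must stay aligned with pg_fe_sendauth(), which the commit message names as the place it was copied from. The `password == '\0'` slip corrected here is the kind of divergence a hand-maintained copy invites, so I would add `/* Keep this password lookup in sync with pg_fe_sendauth(). */` above `conn->password_needed = true;`. pg_fe_sendauth() is not shown on this page, so whether a shared helper would be cleaner is only a guess. pg_SASL_init's body starts and ends outside the hunk.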
