| From: | Bernd Helmle <mailings(at)oopsware(dot)de> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Japin Li <japinli(at)hotmail(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Modern SHA2- based password hashes for pgcrypto |
| Date: | 2025-04-07 11:48:49 |
| Message-ID: | 6fab35422df6b6b9727fdcc243c5fa1c667dd3b5.camel@oopsware.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Am Sonntag, dem 06.04.2025 um 15:43 -0400 schrieb Tom Lane:
> I'd be more comfortable with a check like
>
> if (strchr("...valid chars...", *ep) != NULL)
>
> It looks like "_crypt_itoa64" might be directly usable as the
> valid-chars string, too. (BTW, why is _crypt_itoa64 not
> marked const?)
Here is a patch that tries to address all these issues (including
Andres' report). I've adjusted the error message and use ereport(), so
it might be more useful if we deal with not just single byte letters.
I've also changed _crypt_itoa64 from unsigned char to char, since this
seems what strchr() expects (at least on my machine) and we don't deal
specifically elsewhere with that.
Thanks,
Bernd
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Follow-up-fixes-for-commit-749a9e20c9790006f3af47f7a.patch | text/x-patch | 1.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | wenhui qiu | 2025-04-07 12:02:04 | Re: An incorrect check in get_memoize_path |
| Previous Message | Ashutosh Bapat | 2025-04-07 11:33:30 | Re: [PATCH] clarify palloc comment on quote_literal_cstr |