Re: replace strtok()

Hi Alexander,

Em qui., 10 de out. de 2024 às 02:00, Alexander Lakhin <exclusion(at)gmail(dot)com>
escreveu:

> Hello Peter,
>
> 23.07.2024 15:38, Peter Eisentraut wrote:
> > This has been committed. Thanks.
>
> Please look at the SCRAM secret, which breaks parse_scram_secret(),
> perhaps because strsep() doesn't return NULL where strtok() did:
>
> CREATE ROLE r PASSWORD
>
> 'SCRAM-SHA-256$4096:hpFyHTUsSWcR7O9P$LgZFIt6Oqdo27ZFKbZ2nV+=vtnYM995pDh9ca6WSi120qVV5NeluNfUPkwm7Vqat25RjSPLkGeoZBQs6wVv+um4=';
>
> Core was generated by `postgres: law regression [local] CREATE
> ROLE '.
> Program terminated with signal SIGSEGV, Segmentation fault.
>
> #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
> (gdb) bt
> #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
> #1 0x0000563625e9e5b0 in parse_scram_secret (...) at auth-scram.c:655
>
Thanks for the report.

It seems to me that it could be due to incorrect use of the strsep function.
See:
https://man7.org/linux/man-pages/man3/strsep.3.html
"

In case no delimiter was found, the token
is taken to be the entire string **stringp*, and **stringp* is made
NULL.

"
So, it is necessary to check the *stringp* against NULL too.

I tried the patch attached and your test case works.

CREATE ROLE r PASSWORD
postgres-#
'SCRAM-SHA-256$4096:hpFyHTUsSWcR7O9P$LgZFIt6Oqdo27ZFKbZ2nV+=vtnYM995pDh9ca6WSi120qVV5NeluNfUPkwm7Vqat25RjSPLkGeoZBQs6wVv+um4=';
CREATE ROLE

best regards,
Ranier Vilela