From: | Kevin K Biju <kevinkbiju(at)gmail(dot)com> |
---|---|
To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Fix infinite loop from setting scram_iterations to INT_MAX |
Date: | 2025-03-23 13:41:10 |
Message-ID: | CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com |
Lists: | pgsql-hackers |
Hi,

I stumbled upon a problem with the scram_iterations GUC where setting
scram_iterations to INT_MAX and then creating a user causes the command to
hang indefinitely.

    postgres=# SET scram_iterations=2147483647;
    SET
    postgres=# CREATE ROLE maxscram WITH PASSWORD 'forever';
    <hangs>

I looked into the relevant code and found the issue. Each SCRAM iteration
after the first is done in a loop with the following condition:

    int i;
    ...
    for (i = 2; i <= iterations; i++)
    {
        ...
    }

For iterations = INT_MAX, the loop will never terminate since the condition
is <= and adding 1 to INT_MAX will lead to i wrapping around to INT_MIN.

I've fixed this by modifying the loop condition to be i < iterations. I've
attached a patch with the fix. I considered adding a test as well, but
since generating a password with a high number of iterations is very
time-consuming, I'm not sure if that would be practical.

I also tried adding this to the current CommitFest, but my account hasn't
passed the cooldown period yet.

Thanks,
Kevin

Attachment | Content-Type | Size |
---|---|---|
fix_max_scram_iterations.patch | application/octet-stream | 400 bytes |
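
An added example, not part of the original message or the attached patch: a scaled-down C model of the loop described above, with a 16-bit counter standing in for int so that INT16_MAX plays the role of INT_MAX and the check finishes instantly. The rounds_lt form (start at 1, condition <) is an assumption chosen here because it runs the same number of rounds as the original loop; the function names and the cap guard are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Scaled-down model: a 16-bit counter stands in for the int counter, so
 * INT16_MAX plays the role of INT_MAX and the demo finishes instantly. */

/* Increment with the wraparound made explicit (MAX + 1 -> MIN), which
 * avoids relying on undefined signed overflow in the demo itself. */
static int16_t wrap_inc(int16_t i)
{
    return (i == INT16_MAX) ? INT16_MIN : (int16_t)(i + 1);
}

/* Rounds executed by "for (i = 2; i <= iterations; i++)".
 * Returns -1 if the loop is still running after `cap` rounds. */
long rounds_le(int16_t iterations, long cap)
{
    long n = 0;
    for (int16_t i = 2; i <= iterations; i = wrap_inc(i))
        if (++n > cap)
            return -1;
    return n;
}

/* Rounds executed by "for (i = 1; i < iterations; i++)" (assumed
 * rewrite): the counter stops at iterations and is never incremented
 * past the maximum. */
long rounds_lt(int16_t iterations, long cap)
{
    long n = 0;
    for (int16_t i = 1; i < iterations; i = wrap_inc(i))
        if (++n > cap)
            return -1;
    return n;
}

int main(void)
{
    long cap = 1000000; /* far more than any terminating 16-bit loop needs */
    printf("4096:      <= %ld, < %ld\n", rounds_le(4096, cap), rounds_lt(4096, cap));
    printf("INT16_MAX: <= %ld, < %ld\n", rounds_le(INT16_MAX, cap), rounds_lt(INT16_MAX, cap));
    return 0;
}
```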