| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix strsep() use for SCRAM secrets parsing |
| Date: | 2024-10-18 09:26:06 |
| Message-ID: | E1t1jFG-001MBH-GF@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix strsep() use for SCRAM secrets parsing
The previous code (from commit 5d2e1cc117b) did not detect end of
string correctly, so it would fail to error out if fewer than the
expected number of fields were present, which could then later lead to
a crash when NULL string pointers are accessed.
Reported-by: Alexander Lakhin <exclusion(at)gmail(dot)com>
Reported-by: Ranier Vilela <ranier(dot)vf(at)gmail(dot)com>
Discussion: https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c3944222a(at)eisentraut(dot)org
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/24a36f91e32d6cbb8182c4cc6529d6e47587c988
Modified Files
--------------
src/backend/libpq/auth-scram.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-10-18 09:34:14 | pgsql: Fix memory leaks from incorrect strsep() uses |
| Previous Message | Fujii Masao | 2024-10-18 08:22:10 | pgsql: Remove unused code for unlogged materialized views. |