| From: | Richard Guo <rguo(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix integer-overflow problem in scram_SaltedPassword() |
| Date: | 2025-03-26 08:50:31 |
| Message-ID: | E1txMT0-0013jc-1r@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix integer-overflow problem in scram_SaltedPassword()
Setting the iteration count for SCRAM secret generation to INT_MAX
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.
Back-patch to v16 where the user-settable GUC scram_iterations has
been added.
Author: Kevin K Biju <kevinkbiju(at)gmail(dot)com>
Reviewed-by: Richard Guo <guofenglinux(at)gmail(dot)com>
Reviewed-by: Michael Paquier <michael(at)paquier(dot)xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
Branch
------
REL_17_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/34fbfe1f57d84163fea4e234bf78d3b5fd5364b1
Modified Files
--------------
src/common/scram-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Guo | 2025-03-26 08:52:23 | pgsql: Fix integer-overflow problem in scram_SaltedPassword() |
| Previous Message | Richard Guo | 2025-03-26 08:47:57 | pgsql: Fix integer-overflow problem in scram_SaltedPassword() |