From df4d43acb2956509e8166f2df4a3a2be1493ff6f Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 15 Oct 2024 08:39:30 +0200 Subject: [PATCH v2] Fix strsep() use for SCRAM secrets parsing The previous code (from commit 5d2e1cc117b) did not detect end of string correctly, so it would fail to error out if fewer than the expected number of fields were present, which could then later lead to a crash when NULL string pointers are accessed. Reported-by: Alexander Lakhin Reported-by: Ranier Vilela Discussion: https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c3944222a@eisentraut.org --- src/backend/libpq/auth-scram.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index 03ddddc3c27..56df870e9ef 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -608,13 +608,17 @@ parse_scram_secret(const char *secret, int *iterations, * SCRAM-SHA-256$:$: */ v = pstrdup(secret); - if ((scheme_str = strsep(&v, "$")) == NULL) + scheme_str = strsep(&v, "$"); + if (v == NULL) goto invalid_secret; - if ((iterations_str = strsep(&v, ":")) == NULL) + iterations_str = strsep(&v, ":"); + if (v == NULL) goto invalid_secret; - if ((salt_str = strsep(&v, "$")) == NULL) + salt_str = strsep(&v, "$"); + if (v == NULL) goto invalid_secret; - if ((storedkey_str = strsep(&v, ":")) == NULL) + storedkey_str = strsep(&v, ":"); + if (v == NULL) goto invalid_secret; serverkey_str = v; base-commit: 7cdfeee320e72162b62dddddee638e713c2b8680 -- 2.47.0