| From: | "Jingxian Li" <aqktjcm(at)qq(dot)com> |
|---|---|
| To: | "Daniel Gustafsson" <daniel(at)yesql(dot)se> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid |
| Date: | 2024-05-07 04:46:27 |
| Message-ID: | tencent_22238742F7B6A675CC1DF0D2A90E7C8C1E08@qq.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Daniel,
Thank you for explaining the ins and outs of this problem.
On 2024/4/30 17:14, Daniel Gustafsson wrote:
>> On 30 Apr 2024, at 04:41, Jingxian Li <aqktjcm(at)qq(dot)com> wrote:
>
>> Attached is a patch that fixes bug when calling strncmp function, in
>> which case the third argument (authmethod - strchr(authmethod, ' '))
>> may be negative, which is not as expected..
>
> The calculation is indeed incorrect, but the lack of complaints of it being
> broken made me wonder why this exist in the first place. This dates back to
> e7029b212755, just shy of 2 decades old, which added --auth with support for
> strings with auth-options to ident and pam like --auth 'pam <servicename>' and
> 'ident sameuser'. Support for options to ident was removed in 01c1a12a5bb4 but
> options to pam is still supported (although not documented), but was AFAICT
> broken in commit 8a02339e9ba3 some 12 years ago with this strncmp().
>
> - if (strncmp(authmethod, *p, (authmethod - strchr(authmethod, ' '))) == 0)
> + if (strncmp(authmethod, *p, (strchr(authmethod, ' ') - authmethod)) == 0)
>
> This with compare "pam postgresql" with "pam" and not "pam " so the length
> should be "(strchr(authmethod, ' ') - authmethod + 1)" since "pam " is a method
> separate from "pam" in auth_methods_{host|local}. We don't want to allow "md5
> " as that's not a method in the array of valid methods.
>
> But, since it's been broken in all supported versions of postgres and has
> AFAICT never been documented to exist, should we fix it or just remove it? We
> don't support auth-options for any other methods, like clientcert to cert for
> example. If we fix it we should also document that it works IMHO.
You mentioned that auth-options are not supported for auth methods except pam,
but I found that some methods (such as ldap and radius etc.) also requires aut-options,
and there are no corresponding auth methods ending with space (such as "ldap " and
radius ") present in auth_methods_host and auth_methods_local arrays.
--
Jingxian Li
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Guo | 2024-05-07 04:47:02 | Re: Revert: Remove useless self-joins *and* -DREALLOCATE_BITMAPSETS make server crash, regress test fail. |
| Previous Message | Ashutosh Bapat | 2024-05-07 04:20:41 | Re: Control flow in logical replication walsender |