Fix strsep() use for SCRAM secrets parsing

The previous code (from commit 5d2e1cc117b) did not detect end of string correctly, so it would fail to error out if fewer than the expected number of fields were present, which could then later lead to a crash when NULL string pointers are accessed. Reported-by: Alexander Lakhin <exclusion@gmail.com> Reported-by: Ranier Vilela <ranier.vf@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c3944222a@eisentraut.org
2025-05-31 00:01:57 -04:00 · 2024-10-18 11:06:41 +02:00 · 2024-10-18 11:06:41 +02:00 · 24a36f91e3
commit 24a36f91e3
parent 9272bdeac8
1 changed files with 8 additions and 4 deletions
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@ -608,13 +608,17 @@ parse_scram_secret(const char *secret, int *iterations,
 	 * SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
 	 */
 	v = pstrdup(secret);
-	if ((scheme_str = strsep(&v, "$")) == NULL)
+	scheme_str = strsep(&v, "$");
+	if (v == NULL)
 		goto invalid_secret;
-	if ((iterations_str = strsep(&v, ":")) == NULL)
+	iterations_str = strsep(&v, ":");
+	if (v == NULL)
 		goto invalid_secret;
-	if ((salt_str = strsep(&v, "$")) == NULL)
+	salt_str = strsep(&v, "$");
+	if (v == NULL)
 		goto invalid_secret;
-	if ((storedkey_str = strsep(&v, ":")) == NULL)
+	storedkey_str = strsep(&v, ":");
+	if (v == NULL)
 		goto invalid_secret;
 	serverkey_str = v;