A collection of small fixes for the SCRAM patch.

* Add required #includes for htonl. Per buildfarm members pademelon/gaur. * Remove unnecessary "#include <utils/memutils>". * Fix checking for empty string in pg_SASL_init. (Reported by Peter Eisentraut and his compiler) * Move code in pg_SASL_init to match the recent changes (commit ba005f193d) to pg_fe_sendauth() function, where it's copied from. * Return value of malloc() was not checked for NULL in scram_SaltedPassword(). Fix by avoiding the malloc().
2025-06-04 00:02:37 -04:00 · 2017-03-07 19:00:22 +02:00 · 2017-03-07 19:00:22 +02:00 · 95c1dbcdff
commit 95c1dbcdff
parent 3bc7dafa9b
2 changed files with 14 additions and 23 deletions
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@ -15,11 +15,14 @@
 */
 #ifndef FRONTEND
 #include "postgres.h"
-#include "utils/memutils.h"
 #else
 #include "postgres_fe.h"
 #endif

+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
 #include "common/scram-common.h"

 #define HMAC_IPAD 0x36
@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
 }

 /*
- * Normalize a password for SCRAM authentication.
+ * Encrypt password for SCRAM authentication. This basically applies the
+ * normalization of the password and a hash calculation using the salt
+ * value given by caller.
 */
 static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+					 uint8 *result)
 {
 	/*
 	 * XXX: Here SASLprep should be applied on password. However, per RFC5802,
@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
 	 * the frontend in order to be able to encode properly this string, and
 	 * then apply SASLprep on it.
 	 */
-	memcpy(result, password, strlen(password) + 1);
-}

-/*
- * Encrypt password for SCRAM authentication. This basically applies the
- * normalization of the password and a hash calculation using the salt
- * value given by caller.
- */
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
-					 uint8 *result)
-{
-	char	   *pwbuf;
-
-	pwbuf = (char *) malloc(strlen(password) + 1);
-	scram_Normalize(password, pwbuf);
-	scram_Hi(pwbuf, salt, saltlen, iterations, result);
-	free(pwbuf);
+	scram_Hi(password, salt, saltlen, iterations, result);
 }

 /*
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
 	 */
 	if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
 	{
-		char	   *password = conn->connhost[conn->whichhost].password;
+		char	   *password;

+		conn->password_needed = true;
+		password = conn->connhost[conn->whichhost].password;
 		if (password == NULL)
 			password = conn->pgpass;
-		conn->password_needed = true;
-		if (password == NULL || password == '\0')
+		if (password == NULL || password[0] == '\0')
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 							  PQnoPasswordSupplied);