NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitad5b6f2

committed

Revert error handling improvements for cryptohashes

This reverts commitsab27df2,af8d530 and3a0cced, that introducedpg_cryptohash_error(). In order to make the core code able to pass downthe new error types that this introduced, some of the MD5-relatedroutines had to be reworked, causing an ABI breakage, but we found thatsome external extensions rely on them. Maintaining compatibilityoutweights the error report benefits, so just revert the change in v14.Reported-by: Laurenz AlbeDiscussion:https://postgr.es/m/9f0c0a96d28cf14fc87296bbe67061c14eb53ae8.camel@cybertec.at

1 parent4aee39d commitad5b6f2Copy full SHA for ad5b6f2

File tree

19 files changed

+88

-297

lines changed

contrib
- passwordcheck
  - passwordcheck.c
- pgcrypto
  - internal-sha2.c
  - internal.c
- uuid-ossp
  - uuid-ossp.c
src
- backend
  - commands
    - user.c
  - libpq
  - replication
    - backup_manifest.c
  - utils/adt
    - cryptohashfuncs.c
- common
- include
  - common
    - cryptohash.h
    - md5.h
  - libpq
    - crypt.h
    - scram.h
- interfaces/libpq
  - fe-auth.c
- tools/pgindent
  - typedefs.list

19 files changed

+88

-297

lines changed

`‎contrib/passwordcheck/passwordcheck.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ check_password(const char *username,`
`74`	`74`	`*`
`75`	`75`	`* We only check for username = password.`
`76`	`76`	`*/`
`77`		`-constchar*logdetail=NULL;`
	`77`	`+char*logdetail;`
`78`	`78`
`79`	`79`	`if (plain_crypt_verify(username,shadow_pass,username,&logdetail)==STATUS_OK)`
`80`	`80`	`ereport(ERROR,`

`‎contrib/pgcrypto/internal-sha2.c`

Lines changed: 3 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -101,8 +101,7 @@ int_sha2_update(PX_MD h, const uint8 data, unsigned dlen)`
`101`	`101`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`102`	`102`
`103`	`103`	`if (pg_cryptohash_update(ctx,data,dlen)<0)`
`104`		`-elog(ERROR,"could not update %s context: %s","SHA2",`
`105`		`-pg_cryptohash_error(ctx));`
	`104`	`+elog(ERROR,"could not update %s context","SHA2");`
`106`	`105`	`}`
`107`	`106`
`108`	`107`	`staticvoid`
`@@ -111,8 +110,7 @@ int_sha2_reset(PX_MD *h)`
`111`	`110`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`112`	`111`
`113`	`112`	`if (pg_cryptohash_init(ctx)<0)`
`114`		`-elog(ERROR,"could not initialize %s context: %s","SHA2",`
`115`		`-pg_cryptohash_error(ctx));`
	`113`	`+elog(ERROR,"could not initialize %s context","SHA2");`
`116`	`114`	`}`
`117`	`115`
`118`	`116`	`staticvoid`
`@@ -121,8 +119,7 @@ int_sha2_finish(PX_MD h, uint8 dst)`
`121`	`119`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`122`	`120`
`123`	`121`	`if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`124`		`-elog(ERROR,"could not finalize %s context: %s","SHA2",`
`125`		`-pg_cryptohash_error(ctx));`
	`122`	`+elog(ERROR,"could not finalize %s context","SHA2");`
`126`	`123`	`}`
`127`	`124`
`128`	`125`	`staticvoid`

`‎contrib/pgcrypto/internal.c`

Lines changed: 6 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -89,8 +89,7 @@ int_md5_update(PX_MD h, const uint8 data, unsigned dlen)`
`89`	`89`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`90`	`90`
`91`	`91`	`if (pg_cryptohash_update(ctx,data,dlen)<0)`
`92`		`-elog(ERROR,"could not update %s context: %s","MD5",`
`93`		`-pg_cryptohash_error(ctx));`
	`92`	`+elog(ERROR,"could not update %s context","MD5");`
`94`	`93`	`}`
`95`	`94`
`96`	`95`	`staticvoid`
`@@ -99,8 +98,7 @@ int_md5_reset(PX_MD *h)`
`99`	`98`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`100`	`99`
`101`	`100`	`if (pg_cryptohash_init(ctx)<0)`
`102`		`-elog(ERROR,"could not initialize %s context: %s","MD5",`
`103`		`-pg_cryptohash_error(ctx));`
	`101`	`+elog(ERROR,"could not initialize %s context","MD5");`
`104`	`102`	`}`
`105`	`103`
`106`	`104`	`staticvoid`
`@@ -109,8 +107,7 @@ int_md5_finish(PX_MD h, uint8 dst)`
`109`	`107`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`110`	`108`
`111`	`109`	`if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`112`		`-elog(ERROR,"could not finalize %s context: %s","MD5",`
`113`		`-pg_cryptohash_error(ctx));`
	`110`	`+elog(ERROR,"could not finalize %s context","MD5");`
`114`	`111`	`}`
`115`	`112`
`116`	`113`	`staticvoid`
`@@ -142,8 +139,7 @@ int_sha1_update(PX_MD h, const uint8 data, unsigned dlen)`
`142`	`139`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`143`	`140`
`144`	`141`	`if (pg_cryptohash_update(ctx,data,dlen)<0)`
`145`		`-elog(ERROR,"could not update %s context: %s","SHA1",`
`146`		`-pg_cryptohash_error(ctx));`
	`142`	`+elog(ERROR,"could not update %s context","SHA1");`
`147`	`143`	`}`
`148`	`144`
`149`	`145`	`staticvoid`
`@@ -152,8 +148,7 @@ int_sha1_reset(PX_MD *h)`
`152`	`148`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`153`	`149`
`154`	`150`	`if (pg_cryptohash_init(ctx)<0)`
`155`		`-elog(ERROR,"could not initialize %s context: %s","SHA1",`
`156`		`-pg_cryptohash_error(ctx));`
	`151`	`+elog(ERROR,"could not initialize %s context","SHA1");`
`157`	`152`	`}`
`158`	`153`
`159`	`154`	`staticvoid`
`@@ -162,8 +157,7 @@ int_sha1_finish(PX_MD h, uint8 dst)`
`162`	`157`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`163`	`158`
`164`	`159`	`if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`165`		`-elog(ERROR,"could not finalize %s context: %s","SHA1",`
`166`		`-pg_cryptohash_error(ctx));`
	`160`	`+elog(ERROR,"could not finalize %s context","SHA1");`
`167`	`161`	`}`
`168`	`162`
`169`	`163`	`staticvoid`

`‎contrib/uuid-ossp/uuid-ossp.c`

Lines changed: 6 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -319,17 +319,14 @@ uuid_generate_internal(int v, unsigned char ns, const char ptr, int len)`
`319`	`319`	`pg_cryptohash_ctx*ctx=pg_cryptohash_create(PG_MD5);`
`320`	`320`
`321`	`321`	`if (pg_cryptohash_init(ctx)<0)`
`322`		`-elog(ERROR,"could not initialize %s context: %s","MD5",`
`323`		`-pg_cryptohash_error(ctx));`
	`322`	`+elog(ERROR,"could not initialize %s context","MD5");`
`324`	`323`	`if (pg_cryptohash_update(ctx,ns,sizeof(uu))<0\|\|`
`325`	`324`	`pg_cryptohash_update(ctx, (unsignedchar*)ptr,len)<0)`
`326`		`-elog(ERROR,"could not update %s context: %s","MD5",`
`327`		`-pg_cryptohash_error(ctx));`
	`325`	`+elog(ERROR,"could not update %s context","MD5");`
`328`	`326`	`/* we assume sizeof MD5 result is 16, same as UUID size */`
`329`	`327`	`if (pg_cryptohash_final(ctx, (unsignedchar*)&uu,`
`330`	`328`	`sizeof(uu))<0)`
`331`		`-elog(ERROR,"could not finalize %s context: %s","MD5",`
`332`		`-pg_cryptohash_error(ctx));`
	`329`	`+elog(ERROR,"could not finalize %s context","MD5");`
`333`	`330`	`pg_cryptohash_free(ctx);`
`334`	`331`	`}`
`335`	`332`	`else`
`@@ -338,15 +335,12 @@ uuid_generate_internal(int v, unsigned char ns, const char ptr, int len)`
`338`	`335`	`unsignedcharsha1result[SHA1_DIGEST_LENGTH];`
`339`	`336`
`340`	`337`	`if (pg_cryptohash_init(ctx)<0)`
`341`		`-elog(ERROR,"could not initialize %s context: %s","SHA1",`
`342`		`-pg_cryptohash_error(ctx));`
	`338`	`+elog(ERROR,"could not initialize %s context","SHA1");`
`343`	`339`	`if (pg_cryptohash_update(ctx,ns,sizeof(uu))<0\|\|`
`344`	`340`	`pg_cryptohash_update(ctx, (unsignedchar*)ptr,len)<0)`
`345`		`-elog(ERROR,"could not update %s context: %s","SHA1",`
`346`		`-pg_cryptohash_error(ctx));`
	`341`	`+elog(ERROR,"could not update %s context","SHA1");`
`347`	`342`	`if (pg_cryptohash_final(ctx,sha1result,sizeof(sha1result))<0)`
`348`		`-elog(ERROR,"could not finalize %s context: %s","SHA1",`
`349`		`-pg_cryptohash_error(ctx));`
	`343`	`+elog(ERROR,"could not finalize %s context","SHA1");`
`350`	`344`	`pg_cryptohash_free(ctx);`
`351`	`345`
`352`	`346`	`memcpy(&uu,sha1result,sizeof(uu));`

`‎src/backend/commands/user.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -393,7 +393,7 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`393`	`393`	`if (password)`
`394`	`394`	`{`
`395`	`395`	`char*shadow_pass;`
`396`		`-constchar*logdetail=NULL;`
	`396`	`+char*logdetail;`
`397`	`397`
`398`	`398`	`/*`
`399`	`399`	`* Don't allow an empty password. Libpq treats an empty password the`
`@@ -835,7 +835,7 @@ AlterRole(AlterRoleStmt *stmt)`
`835`	`835`	`if (password)`
`836`	`836`	`{`
`837`	`837`	`char*shadow_pass;`
`838`		`-constchar*logdetail=NULL;`
	`838`	`+char*logdetail;`
`839`	`839`
`840`	`840`	`/* Like in CREATE USER, don't allow an empty password. */`
`841`	`841`	`if (password[0]=='\0'\|\|`

`‎src/backend/libpq/auth-scram.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -327,7 +327,7 @@ pg_be_scram_init(Port *port,`
`327`	`327`	`*/`
`328`	`328`	`int`
`329`	`329`	`pg_be_scram_exchange(voidopaq,constcharinput,intinputlen,`
`330`		`-char*output,intoutputlen,constchar**logdetail)`
	`330`	`+char*output,intoutputlen,char**logdetail)`
`331`	`331`	`{`
`332`	`332`	`scram_statestate= (scram_state)opaq;`
`333`	`333`	`intresult;`

`‎src/backend/libpq/auth.c`

Lines changed: 15 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@`
`47`	`47`	`*/`
`48`	`48`	`staticvoidsendAuthRequest(Portport,AuthRequestareq,constcharextradata,`
`49`	`49`	`intextralen);`
`50`		`-staticvoidauth_failed(Portport,intstatus,constcharlogdetail);`
	`50`	`+staticvoidauth_failed(Portport,intstatus,charlogdetail);`
`51`	`51`	`staticcharrecv_password_packet(Portport);`
`52`	`52`	`staticvoidset_authn_id(Portport,constcharid);`
`53`	`53`
`@@ -56,11 +56,11 @@ static void set_authn_id(Port port, const char id);`
`56`	`56`	`* Password-based authentication methods (password, md5, and scram-sha-256)`
`57`	`57`	`*----------------------------------------------------------------`
`58`	`58`	`*/`
`59`		`-staticintCheckPasswordAuth(Portport,constchar*logdetail);`
`60`		`-staticintCheckPWChallengeAuth(Portport,constchar*logdetail);`
	`59`	`+staticintCheckPasswordAuth(Portport,char*logdetail);`
	`60`	`+staticintCheckPWChallengeAuth(Portport,char*logdetail);`
`61`	`61`
`62`		`-staticintCheckMD5Auth(Portport,charshadow_pass,constchar**logdetail);`
`63`		`-staticintCheckSCRAMAuth(Portport,charshadow_pass,constchar**logdetail);`
	`62`	`+staticintCheckMD5Auth(Portport,charshadow_pass,char**logdetail);`
	`63`	`+staticintCheckSCRAMAuth(Portport,charshadow_pass,char**logdetail);`
`64`	`64`
`65`	`65`
`66`	`66`	`/*----------------------------------------------------------------`
`@@ -258,7 +258,7 @@ ClientAuthentication_hook_type ClientAuthentication_hook = NULL;`
`258`	`258`	`* particular, if logdetail isn't NULL, we send that string to the log.`
`259`	`259`	`*/`
`260`	`260`	`staticvoid`
`261`		`-auth_failed(Portport,intstatus,constcharlogdetail)`
	`261`	`+auth_failed(Portport,intstatus,charlogdetail)`
`262`	`262`	`{`
`263`	`263`	`constchar*errstr;`
`264`	`264`	`char*cdetail;`
`@@ -394,7 +394,7 @@ void`
`394`	`394`	`ClientAuthentication(Port*port)`
`395`	`395`	`{`
`396`	`396`	`intstatus=STATUS_ERROR;`
`397`		`-constchar*logdetail=NULL;`
	`397`	`+char*logdetail=NULL;`
`398`	`398`
`399`	`399`	`/*`
`400`	`400`	`* Get the authentication method to use for this frontend/database`
`@@ -780,7 +780,7 @@ recv_password_packet(Port *port)`
`780`	`780`	`* Plaintext password authentication.`
`781`	`781`	`*/`
`782`	`782`	`staticint`
`783`		`-CheckPasswordAuth(Portport,constchar*logdetail)`
	`783`	`+CheckPasswordAuth(Portport,char*logdetail)`
`784`	`784`	`{`
`785`	`785`	`char*passwd;`
`786`	`786`	`intresult;`
`@@ -815,7 +815,7 @@ CheckPasswordAuth(Port port, const char *logdetail)`
`815`	`815`	`* MD5 and SCRAM authentication.`
`816`	`816`	`*/`
`817`	`817`	`staticint`
`818`		`-CheckPWChallengeAuth(Portport,constchar*logdetail)`
	`818`	`+CheckPWChallengeAuth(Portport,char*logdetail)`
`819`	`819`	`{`
`820`	`820`	`intauth_result;`
`821`	`821`	`char*shadow_pass;`
`@@ -875,7 +875,7 @@ CheckPWChallengeAuth(Port port, const char *logdetail)`
`875`	`875`	`}`
`876`	`876`
`877`	`877`	`staticint`
`878`		`-CheckMD5Auth(Portport,charshadow_pass,constchar**logdetail)`
	`878`	`+CheckMD5Auth(Portport,charshadow_pass,char**logdetail)`
`879`	`879`	`{`
`880`	`880`	`charmd5Salt[4];/* Password salt */`
`881`	`881`	`char*passwd;`
`@@ -912,7 +912,7 @@ CheckMD5Auth(Port port, char shadow_pass, const char **logdetail)`
`912`	`912`	`}`
`913`	`913`
`914`	`914`	`staticint`
`915`		`-CheckSCRAMAuth(Portport,charshadow_pass,constchar**logdetail)`
	`915`	`+CheckSCRAMAuth(Portport,charshadow_pass,char**logdetail)`
`916`	`916`	`{`
`917`	`917`	`StringInfoDatasasl_mechs;`
`918`	`918`	`intmtype;`
`@@ -3240,8 +3240,6 @@ PerformRadiusTransaction(const char server, const char secret, const char *por`
`3240`	`3240`	`md5trailer=packet->vector;`
`3241`	`3241`	`for (i=0;i<encryptedpasswordlen;i+=RADIUS_VECTOR_LENGTH)`
`3242`	`3242`	`{`
`3243`		`-constchar*errstr=NULL;`
`3244`		`-`
`3245`	`3243`	`memcpy(cryptvector+strlen(secret),md5trailer,RADIUS_VECTOR_LENGTH);`
`3246`	`3244`
`3247`	`3245`	`/*`
`@@ -3250,12 +3248,10 @@ PerformRadiusTransaction(const char server, const char secret, const char *por`
`3250`	`3248`	`*/`
`3251`	`3249`	`md5trailer=encryptedpassword+i;`
`3252`	`3250`
`3253`		`-if (!pg_md5_binary(cryptvector,strlen(secret)+RADIUS_VECTOR_LENGTH,`
`3254`		`-encryptedpassword+i,&errstr))`
	`3251`	`+if (!pg_md5_binary(cryptvector,strlen(secret)+RADIUS_VECTOR_LENGTH,encryptedpassword+i))`
`3255`	`3252`	`{`
`3256`	`3253`	`ereport(LOG,`
`3257`		`-(errmsg("could not perform MD5 encryption of password: %s",`
`3258`		`-errstr)));`
	`3254`	`+(errmsg("could not perform MD5 encryption of password")));`
`3259`	`3255`	`pfree(cryptvector);`
`3260`	`3256`	`pg_freeaddrinfo_all(hint.ai_family,serveraddrs);`
`3261`	`3257`	`returnSTATUS_ERROR;`
`@@ -3340,7 +3336,6 @@ PerformRadiusTransaction(const char server, const char secret, const char *por`
`3340`	`3336`	`structtimevaltimeout;`
`3341`	`3337`	`structtimevalnow;`
`3342`	`3338`	`int64timeoutval;`
`3343`		`-constchar*errstr=NULL;`
`3344`	`3339`
`3345`	`3340`	`gettimeofday(&now,NULL);`
`3346`	`3341`	`timeoutval= (endtime.tv_sec1000000+endtime.tv_usec)- (now.tv_sec1000000+now.tv_usec);`
`@@ -3459,11 +3454,10 @@ PerformRadiusTransaction(const char server, const char secret, const char *por`
`3459`	`3454`
`3460`	`3455`	`if (!pg_md5_binary(cryptvector,`
`3461`	`3456`	`packetlength+strlen(secret),`
`3462`		`-encryptedpassword,&errstr))`
	`3457`	`+encryptedpassword))`
`3463`	`3458`	`{`
`3464`	`3459`	`ereport(LOG,`
`3465`		`-(errmsg("could not perform MD5 encryption of received packet: %s",`
`3466`		`-errstr)));`
	`3460`	`+(errmsg("could not perform MD5 encryption of received packet")));`
`3467`	`3461`	`pfree(cryptvector);`
`3468`	`3462`	`continue;`
`3469`	`3463`	`}`

`‎src/backend/libpq/crypt.c`

Lines changed: 21 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`* sent to the client, to avoid giving away user information!`
`35`	`35`	`*/`
`36`	`36`	`char*`
`37`		`-get_role_password(constcharrole,constchar*logdetail)`
	`37`	`+get_role_password(constcharrole,char*logdetail)`
`38`	`38`	`{`
`39`	`39`	`TimestampTzvuntil=0;`
`40`	`40`	`HeapTupleroleTup;`
`@@ -116,7 +116,6 @@ encrypt_password(PasswordType target_type, const char *role,`
`116`	`116`	`{`
`117`	`117`	`PasswordTypeguessed_type=get_password_type(password);`
`118`	`118`	`char*encrypted_password;`
`119`		`-constchar*errstr=NULL;`
`120`	`119`
`121`	`120`	`if (guessed_type!=PASSWORD_TYPE_PLAINTEXT)`
`122`	`121`	`{`
`@@ -133,8 +132,8 @@ encrypt_password(PasswordType target_type, const char *role,`
`133`	`132`	`encrypted_password=palloc(MD5_PASSWD_LEN+1);`
`134`	`133`
`135`	`134`	`if (!pg_md5_encrypt(password,role,strlen(role),`
`136`		`-encrypted_password,&errstr))`
`137`		`-elog(ERROR,"password encryption failed: %s",errstr);`
	`135`	`+encrypted_password))`
	`136`	`+elog(ERROR,"password encryption failed");`
`138`	`137`	`returnencrypted_password;`
`139`	`138`
`140`	`139`	`casePASSWORD_TYPE_SCRAM_SHA_256:`
`@@ -160,18 +159,17 @@ encrypt_password(PasswordType target_type, const char *role,`
`160`	`159`	`* 'client_pass' is the response given by the remote user to the MD5 challenge.`
`161`	`160`	`* 'md5_salt' is the salt used in the MD5 authentication challenge.`
`162`	`161`	`*`
`163`		`- * In the error case,save astring at *logdetail that will be sent to the`
`164`		`- * postmaster log (but not the client).`
	`162`	`+ * In the error case,optionally store a palloc'dstring at *logdetail`
	`163`	`+ *that will be sent to thepostmaster log (but not the client).`
`165`	`164`	`*/`
`166`	`165`	`int`
`167`	`166`	`md5_crypt_verify(constcharrole,constcharshadow_pass,`
`168`	`167`	`constchar*client_pass,`
`169`	`168`	`constchar*md5_salt,intmd5_salt_len,`
`170`		`-constchar**logdetail)`
	`169`	`+char**logdetail)`
`171`	`170`	`{`
`172`	`171`	`intretval;`
`173`	`172`	`charcrypt_pwd[MD5_PASSWD_LEN+1];`
`174`		`-constchar*errstr=NULL;`
`175`	`173`
`176`	`174`	`Assert(md5_salt_len>0);`
`177`	`175`
`@@ -185,13 +183,16 @@ md5_crypt_verify(const char role, const char shadow_pass,`
`185`	`183`
`186`	`184`	`/*`
`187`	`185`	`* Compute the correct answer for the MD5 challenge.`
	`186`	`+ *`
	`187`	`+ * We do not bother setting logdetail for any pg_md5_encrypt failure`
	`188`	`+ * below: the only possible error is out-of-memory, which is unlikely, and`
	`189`	`+ * if it did happen adding a psprintf call would only make things worse.`
`188`	`190`	`*/`
`189`	`191`	`/* stored password already encrypted, only do salt */`
`190`	`192`	`if (!pg_md5_encrypt(shadow_pass+strlen("md5"),`
`191`	`193`	`md5_salt,md5_salt_len,`
`192`		`-crypt_pwd,&errstr))`
	`194`	`+crypt_pwd))`
`193`	`195`	`{`
`194`		`-*logdetail=errstr;`
`195`	`196`	`returnSTATUS_ERROR;`
`196`	`197`	`}`
`197`	`198`
`@@ -214,16 +215,15 @@ md5_crypt_verify(const char role, const char shadow_pass,`
`214`	`215`	`* pg_authid.rolpassword.`
`215`	`216`	`* 'client_pass' is the password given by the remote user.`
`216`	`217`	`*`
`217`		`- * In the error case, store a string at *logdetail that will be sent to the`
`218`		`- * postmaster log (but not the client).`
	`218`	`+ * In the error case,optionallystore apalloc'dstring at *logdetail`
	`219`	`+ *that will be sent to thepostmaster log (but not the client).`
`219`	`220`	`*/`
`220`	`221`	`int`
`221`	`222`	`plain_crypt_verify(constcharrole,constcharshadow_pass,`
`222`	`223`	`constchar*client_pass,`
`223`		`-constchar**logdetail)`
	`224`	`+char**logdetail)`
`224`	`225`	`{`
`225`	`226`	`charcrypt_client_pass[MD5_PASSWD_LEN+1];`
`226`		`-constchar*errstr=NULL;`
`227`	`227`
`228`	`228`	`/*`
`229`	`229`	`* Client sent password in plaintext. If we have an MD5 hash stored, hash`
`@@ -251,10 +251,14 @@ plain_crypt_verify(const char role, const char shadow_pass,`
`251`	`251`	`if (!pg_md5_encrypt(client_pass,`
`252`	`252`	`role,`
`253`	`253`	`strlen(role),`
`254`		`-crypt_client_pass,`
`255`		`-&errstr))`
	`254`	`+crypt_client_pass))`
`256`	`255`	`{`
`257`		`-*logdetail=errstr;`
	`256`	`+/*`
	`257`	`+ * We do not bother setting logdetail for pg_md5_encrypt`
	`258`	`+ * failure: the only possible error is out-of-memory, which is`
	`259`	`+ * unlikely, and if it did happen adding a psprintf call would`
	`260`	`+ * only make things worse.`
	`261`	`+ */`
`258`	`262`	`returnSTATUS_ERROR;`
`259`	`263`	`}`
`260`	`264`	`if (strcmp(crypt_client_pass,shadow_pass)==0)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitad5b6f2

File tree

19 files changed

19 files changed

`‎contrib/passwordcheck/passwordcheck.c`

`‎contrib/pgcrypto/internal-sha2.c`

`‎contrib/pgcrypto/internal.c`

`‎contrib/uuid-ossp/uuid-ossp.c`

`‎src/backend/commands/user.c`

`‎src/backend/libpq/auth-scram.c`

`‎src/backend/libpq/auth.c`

`‎src/backend/libpq/crypt.c`

0 commit comments