Commit505b5d2

committed

Abort authentication if the client selected an invalid SASL mechanism.

Previously, the server would log an error, but then try to continue withSCRAM-SHA-256 anyway.Michael PaquierDiscussion:https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com

1 parent073ce40 commit505b5d2Copy full SHA for 505b5d2

File tree

-0

lines changed

-0

lines changed

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -934,9 +934,13 @@ CheckSCRAMAuth(Port port, char shadow_pass, char **logdetail)`
`934`	`934`	`*/`
`935`	`935`	`selected_mech=pq_getmsgrawstring(&buf);`
`936`	`936`	`if (strcmp(selected_mech,SCRAM_SHA256_NAME)!=0)`
	`937`	`+{`
`937`	`938`	`ereport(COMMERROR,`
`938`	`939`	`(errcode(ERRCODE_PROTOCOL_VIOLATION),`
`939`	`940`	`errmsg("client selected an invalid SASL authentication mechanism")));`
	`941`	`+pfree(buf.data);`
	`942`	`+returnSTATUS_ERROR;`
	`943`	`+}`
`940`	`944`
`941`	`945`	`inputlen=pq_getmsgint(&buf,4);`
`942`	`946`	`if (inputlen==-1)`

Comments

(0)