granicus.if.org Git - postgresql/commit

author	Michael Paquier <michael@paquier.xyz>
	Tue, 23 Apr 2019 06:43:32 +0000 (15:43 +0900)
committer	Michael Paquier <michael@paquier.xyz>
	Tue, 23 Apr 2019 06:43:32 +0000 (15:43 +0900)
commit	7f56d43663dd06e23aeb9a5265d3e16e8616e9d8
tree	b4a26ed7f7f6549be0b6c5d1491d3e8f1ea8887a	tree \| snapshot
parent	cee3cfd75c20b14a3a38c4408e798f1c51701477	commit \| diff

Fix detection of passwords hashed with MD5 or SCRAM-SHA-256

This commit fixes a couple of issues related to the way password
verifiers hashed with MD5 or SCRAM-SHA-256 are detected, leading to
being able to store in catalogs passwords which do not follow the
supported hash formats:
- A MD5-hashed entry was checked based on if its header uses "md5" and
if the string length matches what is expected. Unfortunately the code
never checked if the hash only used hexadecimal characters, as reported
by Tom Lane.
- A SCRAM-hashed entry was checked based on only its header, which
should be "SCRAM-SHA-256$", but it never checked for any fields
afterwards, as reported by Jonathan Katz.

Backpatch down to v10, which is where SCRAM has been introduced, and
where password verifiers in plain format have been removed.

Author: Jonathan Katz
Reviewed-by: Tom Lane, Michael Paquier
Discussion: https://postgr.es/m/016deb6b-1f0a-8e9f-1833-a8675b170aa9@postgresql.org
Backpatch-through: 10

src/backend/libpq/auth-scram.c		diff \| blob \| history
src/backend/libpq/crypt.c		diff \| blob \| history
src/include/common/md5.h		diff \| blob \| history
src/include/libpq/scram.h		diff \| blob \| history
src/test/regress/expected/password.out		diff \| blob \| history
src/test/regress/sql/password.sql		diff \| blob \| history