]> granicus.if.org Git - postgresql/commitdiff
A collection of small fixes for the SCRAM patch.
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Tue, 7 Mar 2017 17:00:22 +0000 (19:00 +0200)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Tue, 7 Mar 2017 17:00:22 +0000 (19:00 +0200)
* Add required #includes for htonl. Per buildfarm members pademelon/gaur.

* Remove unnecessary "#include <utils/memutils>".

* Fix checking for empty string in pg_SASL_init. (Reported by Peter
  Eisentraut and his compiler)

* Move code in pg_SASL_init to match the recent changes (commit ba005f193d)
  to pg_fe_sendauth() function, where it's copied from.

* Return value of malloc() was not checked for NULL in
  scram_SaltedPassword(). Fix by avoiding the malloc().

src/common/scram-common.c
src/interfaces/libpq/fe-auth.c

index 0a36daec2460d366215ef30b7b0d363059ffa846..e44f38f6520eb5474a6de90b15f0bab0de60e18a 100644 (file)
  */
 #ifndef FRONTEND
 #include "postgres.h"
-#include "utils/memutils.h"
 #else
 #include "postgres_fe.h"
 #endif
 
+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
 #include "common/scram-common.h"
 
 #define HMAC_IPAD 0x36
@@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
 }
 
 /*
- * Normalize a password for SCRAM authentication.
+ * Encrypt password for SCRAM authentication. This basically applies the
+ * normalization of the password and a hash calculation using the salt
+ * value given by caller.
  */
 static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+                                        uint8 *result)
 {
        /*
         * XXX: Here SASLprep should be applied on password. However, per RFC5802,
@@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
         * the frontend in order to be able to encode properly this string, and
         * then apply SASLprep on it.
         */
-       memcpy(result, password, strlen(password) + 1);
-}
-
-/*
- * Encrypt password for SCRAM authentication. This basically applies the
- * normalization of the password and a hash calculation using the salt
- * value given by caller.
- */
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
-                                        uint8 *result)
-{
-       char       *pwbuf;
 
-       pwbuf = (char *) malloc(strlen(password) + 1);
-       scram_Normalize(password, pwbuf);
-       scram_Hi(pwbuf, salt, saltlen, iterations, result);
-       free(pwbuf);
+       scram_Hi(password, salt, saltlen, iterations, result);
 }
 
 /*
index c69260b5226422f54b0dcd56727339ca01f8f22e..5fe7e565a01a4d9b98ced15159a350f38f3319e6 100644 (file)
@@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
         */
        if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
        {
-               char       *password = conn->connhost[conn->whichhost].password;
+               char       *password;
 
+               conn->password_needed = true;
+               password = conn->connhost[conn->whichhost].password;
                if (password == NULL)
                        password = conn->pgpass;
-               conn->password_needed = true;
-               if (password == NULL || password == '\0')
+               if (password == NULL || password[0] == '\0')
                {
                        printfPQExpBuffer(&conn->errorMessage,
                                                          PQnoPasswordSupplied);