author | Heikki Linnakangas | 2017-03-07 17:00:22 +0000 |
---|---|---|
committer | Heikki Linnakangas | 2017-03-07 17:00:22 +0000 |
commit | 95c1dbcdfffcc3a77e693c3c2759e26a01f465c8 (patch) | |
tree | d671488f0ef3412fd108b73625fc41d1f7aac18a | |
parent | 3bc7dafa9bebbdaa1bbf0da0798d29a8bdaf6a8f (diff) |
A collection of small fixes for the SCRAM patch.
* Add required #includes for htonl. Per buildfarm members pademelon/gaur.
* Remove unnecessary "#include <utils/memutils>".
* Fix checking for empty string in pg_SASL_init. (Reported by Peter
Eisentraut and his compiler)
* Move code in pg_SASL_init to match the recent changes (commit ba005f193d)
to pg_fe_sendauth() function, where it's copied from.
* Return value of malloc() was not checked for NULL in
scram_SaltedPassword(). Fix by avoiding the malloc().
-rw-r--r-- | src/common/scram-common.c | 30 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-auth.c | 7 |
2 files changed, 14 insertions, 23 deletions
diff --git a/src/common/scram-common.c b/src/common/scram-common.c
index 0a36daec24..e44f38f652 100644
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@@ -15,11 +15,14 @@
 */
 #ifndef FRONTEND
 #include "postgres.h"
-#include "utils/memutils.h"
 #else
 #include "postgres_fe.h"
 #endif
+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
 #include "common/scram-common.h"
 #define HMAC_IPAD 0x36
@@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
 }
 /*
- * Normalize a password for SCRAM authentication.
+ * Encrypt password for SCRAM authentication. This basically applies the
+ * normalization of the password and a hash calculation using the salt
+ * value given by caller.
 */
 static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+ uint8 *result)
 {
 /*
 * XXX: Here SASLprep should be applied on password. However, per RFC5802,
@@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
 * the frontend in order to be able to encode properly this string, and
 * then apply SASLprep on it.
 */
- memcpy(result, password, strlen(password) + 1);
-}
-
-/*
- * Encrypt password for SCRAM authentication. This basically applies the
- * normalization of the password and a hash calculation using the salt
- * value given by caller.
- */
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
- uint8 *result)
-{
- char *pwbuf;
- pwbuf = (char *) malloc(strlen(password) + 1);
- scram_Normalize(password, pwbuf);
- scram_Hi(pwbuf, salt, saltlen, iterations, result);
- free(pwbuf);
+ scram_Hi(password, salt, saltlen, iterations, result);
 }
 /*
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index c69260b522..5fe7e565a0 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
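Review bot: In src/common/scram-common.c, the header comment now placed above scram_SaltedPassword() still says the function "applies the normalization of the password", but with scram_Normalize() removed the new body passes `password` to scram_Hi() unchanged, so no normalization step is left. The XXX comment inside the body already records that SASLprep is not applied, and the header should agree with it, for example `Calculate SaltedPassword by running scram_Hi() over the password, salt and iteration count. The password is used exactly as given; SASLprep is not applied yet (see XXX below).` "Encrypt" is also the wrong word for a salted, iterated one-way derivation and is worth dropping while the comment is being touched. The function spans the second and third hunks, so the wording applies to both.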
@@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
 */
 if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
 {
- char *password = conn->connhost[conn->whichhost].password;
+ char *password;
+ conn->password_needed = true;
+ password = conn->connhost[conn->whichhost].password;
 if (password == NULL)
 password = conn->pgpass;
- conn->password_needed = true;
- if (password == NULL || password == '\0')
+ if (password == NULL || password[0] == '\0')
 {
 printfPQExpBuffer(&conn->errorMessage, PQnoPasswordSupplied); |
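Review bot: The password-selection sequence in pg_SASL_init() (set `conn->password_needed`, take the per-host password, fall back to `conn->pgpass`) is, per the commit message, a hand-maintained copy of the one in pg_fe_sendauth(), and part of this hunk exists only because the two copies had drifted apart. Moving the sequence into one static helper that both authentication paths call would stop that from recurring. pg_fe_sendauth() is not visible here, so its sequence should be confirmed identical before it is switched over. The `if` block opened in this hunk continues past its last line. The helper name below is a placeholder.

```c
/* proposed helper; the name is a placeholder */
static char *
select_conn_password(PGconn *conn)
{
	char	   *password;

	conn->password_needed = true;
	password = conn->connhost[conn->whichhost].password;
	if (password == NULL)
		password = conn->pgpass;
	return password;
}

/* ... in pg_SASL_init(), replacing the inline lookup ... */
		char	   *password = select_conn_password(conn);

		if (password == NULL || password[0] == '\0')
/* ... unchanged: error report with PQnoPasswordSupplied ... */
```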