[pgpool-committers: 6618] pgpool: Fix SCRAM auth handling bug.
Tatsuo Ishii
ishii at sraoss.co.jp
Fri Mar 13 09:33:21 JST 2020
Fix SCRAM auth handling bug.
Comment on the patch from the author:
The code is currently checking if "len <= 8", but len is is
network-byte-order (big-endian). It is surely meant to be checking
"message_length" instead, which is "len" coverted to host-byte-order
(see previous line of code). Under (Intel) Linux, which is
little-endian, the value of "len" will be a large number and thus
render the current error condition check ineffective [for example, in
one case that I debugged, an example value of len was 134217728
(0x08000000), meaning that message_length was actually 8].
Additionally, it seems the "<=" check should actually be "<", based on
the length values that I see when debugging this code.
Bug reported in:
https://www.pgpool.net/mantisbt/view.php?id=595
Patch author:
Greg Nancarrow (Fujitsu Australia)
Branch
------
V4_0_STABLE
Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=0447ff5c8429693f32553082fab2a5476601792b
Modified Files
--------------
src/auth/pool_auth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
More information about the pgpool-committers
mailing list