Re: Possible to store invalid SCRAM-SHA-256 Passwords - Mailing list pgsql-bugs

From Tom Lane
Subject Re: Possible to store invalid SCRAM-SHA-256 Passwords
Date
Msg-id 10698.1555981849@sss.pgh.pa.us
In response to Re: Possible to store invalid SCRAM-SHA-256 Passwords  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Possible to store invalid SCRAM-SHA-256 Passwords  ("Jonathan S. Katz" <jkatz@postgresql.org>)
List pgsql-bugs
Michael Paquier <michael@paquier.xyz> writes:
> There is no point for the second strlen() check, as strspn does the
> same work.

Um, no --- the strspn call will count the number of bytes of hex
data, but without also checking strlen, you don't know that there's
not non-hex trailing junk.

            regards, tom lane
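
The difference between the two checks, as an added C example that is not part of the original message and is not PostgreSQL source. The function names, the 32-character field length, the lowercase hex charset and the sample strings are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this sketch: a lowercase hex field of fixed length. */
#define HEX_CHARSET    "0123456789abcdef"
#define DIGEST_HEX_LEN ((size_t) 32)

/* strspn() only: counts the leading run of hex bytes and stops at the
 * first non-hex byte, so it says nothing about what follows that run. */
static bool hex_field_ok_strspn_only(const char *s)
{
    return strspn(s, HEX_CHARSET) == DIGEST_HEX_LEN;
}

/* strlen() plus strspn(): the whole string is exactly DIGEST_HEX_LEN
 * bytes long and every one of those bytes is hex. */
static bool hex_field_ok_strict(const char *s)
{
    return strlen(s) == DIGEST_HEX_LEN &&
           strspn(s, HEX_CHARSET) == DIGEST_HEX_LEN;
}

/* Constructed sample inputs, not real password data. */
static const char *const SAMPLE_VALID     = "0123456789abcdef0123456789abcdef";
static const char *const SAMPLE_TRAILING  = "0123456789abcdef0123456789abcdef:junk";
static const char *const SAMPLE_SHORT     = "0123456789abcdef";
static const char *const SAMPLE_EXTRA_HEX = "0123456789abcdef0123456789abcdefab";

int main(void)
{
    const char *samples[] = {
        SAMPLE_VALID, SAMPLE_TRAILING, SAMPLE_SHORT, SAMPLE_EXTRA_HEX
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-40s strspn-only=%d strict=%d\n", samples[i],
               hex_field_ok_strspn_only(samples[i]),
               hex_field_ok_strict(samples[i]));
    return 0;
}
```

Only the input with non-hex trailing bytes separates the two checks: the strspn-only version accepts it, the strict version rejects it.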


