Home > mailing lists

pgsql: Fix integer-overflow problem in scram_SaltedPassword() - Mailing list pgsql-committers

From	Richard Guo
Subject	pgsql: Fix integer-overflow problem in scram_SaltedPassword()
Date	March 26 11:50:31
Msg-id	E1txMT0-0013jc-1r@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Fix integer-overflow problem in scram_SaltedPassword()

Setting the iteration count for SCRAM secret generation to INT_MAX
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison.  To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has
been added.

Author: Kevin K Biju <kevinkbiju@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/34fbfe1f57d84163fea4e234bf78d3b5fd5364b1

Modified Files
--------------
src/common/scram-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

pgsql-committers by date:

From: Richard Guo
Date: 26 March, 11:47:57
Subject: pgsql: Fix integer-overflow problem in scram_SaltedPassword()

From: Richard Guo
Date: 26 March, 11:52:23
Subject: pgsql: Fix integer-overflow problem in scram_SaltedPassword()

pgsql: Fix integer-overflow problem in scram_SaltedPassword() - Mailing list pgsql-committers

Previous

Next