Restrict password hash length.
Commit 6aa44060a3 removed pg_authid's TOAST table because the only
varlena column is rolpassword, which cannot be de-TOASTed during
authentication because we haven't selected a database yet and
cannot read pg_class. Since that change, attempts to set password
hashes that require out-of-line storage will fail with a "row is
too big" error. This error message might be confusing to users.
This commit places a limit on the length of password hashes so that
attempts to set long password hashes will fail with a more
user-friendly error. The chosen limit of 512 bytes should be
sufficient to avoid "row is too big" errors independent of BLCKSZ,
but it should also be lenient enough for all reasonable use-cases
(or at least all the use-cases we could imagine).
Reviewed-by: Tom Lane, Jonathan Katz, Michael Paquier, Jacob Champion
Discussion: https://postgr.es/m/89e8649c-eb74-db25-7945-6d6b23992394%40gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/8275325a06ed91c053e046422a193dc6d56a70c5
Modified Files
--------------
src/backend/libpq/crypt.c | 60 ++++++++++++++++++++++++----------
src/include/libpq/crypt.h | 10 ++++++
src/test/regress/expected/password.out | 7 ++++
src/test/regress/sql/password.sql | 4 +++
4 files changed, 63 insertions(+), 18 deletions(-)
