summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f186f90)
raw | patch | inline | side by side (parent: f186f90)
| author | Richard Guo <rguo@postgresql.org> | |
| Wed, 26 Mar 2025 08:46:51 +0000 (17:46 +0900) | ||
| committer | Richard Guo <rguo@postgresql.org> | |
| Wed, 26 Mar 2025 08:49:57 +0000 (17:49 +0900) |
Setting the iteration count for SCRAM secret generation to INT_MAX
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.
Back-patch to v16 where the user-settable GUC scram_iterations has
been added.
Author: Kevin K Biju <kevinkbiju@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.
Back-patch to v16 where the user-settable GUC scram_iterations has
been added.
Author: Kevin K Biju <kevinkbiju@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
| src/common/scram-common.c | patch | blob | blame | history |
index 51cc12e8c3e3386e2d89af2d671ac0a46b9463b1..c36ed7124c2a2e8df6e298df3d0d379708f4d9eb 100644 (file)
memcpy(result, Ui_prev, key_length);
/* Subsequent iterations */
- for (i = 2; i <= iterations; i++)
+ for (i = 1; i < iterations; i++)
{
#ifndef FRONTEND
/*