Clean up error message reported after \password encryption failure.

tglsfdc · tglsfdc · commit 9cb5518b7ff6 · 2022-01-11T12:03:06.000-05:00
Experimenting with FIPS mode enabled, I saw regression=# \password joe Enter new password for user "joe": Enter it again: could not encrypt password: disabled for FIPS out of memory because PQencryptPasswordConn was still of the opinion that "out of memory" is always appropriate to print. Minor oversight in b69aba7. Like that one, back-patch to v14.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -1290,6 +1290,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 	if (strcmp(algorithm, "scram-sha-256") == 0)
 	{
 		crypt_pwd = pg_fe_scram_build_secret(passwd);
+		/* We assume the only possible failure is OOM */
+		if (!crypt_pwd)
+			appendPQExpBufferStr(&conn->errorMessage,
+								 libpq_gettext("out of memory\n"));
 	}
 	else if (strcmp(algorithm, "md5") == 0)
 	{
@@ -1307,6 +1311,9 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 				crypt_pwd = NULL;
 			}
 		}
+		else
+			appendPQExpBufferStr(&conn->errorMessage,
+								 libpq_gettext("out of memory\n"));
 	}
 	else
 	{
@@ -1316,9 +1323,5 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		return NULL;
 	}
 
-	if (!crypt_pwd)
-		appendPQExpBufferStr(&conn->errorMessage,
-							 libpq_gettext("out of memory\n"));
-
 	return crypt_pwd;
 }

Original file line number	Diff line number	Diff line change
`@@ -1290,6 +1290,10 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1290`	`1290`	`if (strcmp(algorithm, "scram-sha-256") == 0)`
`1291`	`1291`	`{`
`1292`	`1292`	`crypt_pwd = pg_fe_scram_build_secret(passwd);`
	`1293`	`+ /* We assume the only possible failure is OOM */`
	`1294`	`+ if (!crypt_pwd)`
	`1295`	`+ appendPQExpBufferStr(&conn->errorMessage,`
	`1296`	`+ libpq_gettext("out of memory\n"));`
`1293`	`1297`	`}`
`1294`	`1298`	`else if (strcmp(algorithm, "md5") == 0)`
`1295`	`1299`	`{`
`@@ -1307,6 +1311,9 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1307`	`1311`	`crypt_pwd = NULL;`
`1308`	`1312`	`}`
`1309`	`1313`	`}`
	`1314`	`+ else`
	`1315`	`+ appendPQExpBufferStr(&conn->errorMessage,`
	`1316`	`+ libpq_gettext("out of memory\n"));`
`1310`	`1317`	`}`
`1311`	`1318`	`else`
`1312`	`1319`	`{`
`@@ -1316,9 +1323,5 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1316`	`1323`	`return NULL;`
`1317`	`1324`	`}`
`1318`	`1325`
`1319`		`- if (!crypt_pwd)`
`1320`		`- appendPQExpBufferStr(&conn->errorMessage,`
`1321`		`- libpq_gettext("out of memory\n"));`
`1322`		`-`
`1323`	`1326`	`return crypt_pwd;`
`1324`	`1327`	`}`