pgsql: Fix integer-overflow problem in scram_SaltedPassword()

* pgsql: Fix integer-overflow problem in scram_SaltedPassword()

From: Richard Guo @ 2025-03-26 08:47 UTC
To: [email protected]

Fix integer-overflow problem in scram_SaltedPassword()

Setting the iteration count for SCRAM secret generation to INT_MAX will
cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has been
added.

Author: Kevin K Biju <[email protected]>
Reviewed-by: Richard Guo <[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/7c82b4f711877b175142bb2b2a6e2c2ee2429441

Modified Files
--------------
src/common/scram-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

* pgsql: Fix integer-overflow problem in scram_SaltedPassword()

From: Richard Guo @ 2025-03-26 08:50 UTC
To: [email protected]

Fix integer-overflow problem in scram_SaltedPassword()

Setting the iteration count for SCRAM secret generation to INT_MAX will
cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has been
added.

Author: Kevin K Biju <[email protected]>
Reviewed-by: Richard Guo <[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/34fbfe1f57d84163fea4e234bf78d3b5fd5364b1

Modified Files
--------------
src/common/scram-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

* pgsql: Fix integer-overflow problem in scram_SaltedPassword()

From: Richard Guo @ 2025-03-26 08:52 UTC
To: [email protected]

Fix integer-overflow problem in scram_SaltedPassword()

Setting the iteration count for SCRAM secret generation to INT_MAX will
cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison. To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has been
added.

Author: Kevin K Biju <[email protected]>
Reviewed-by: Richard Guo <[email protected]>
Reviewed-by: Michael Paquier <[email protected]>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com

Branch
------
REL_16_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/de1484736dbef86a1b0b92544030ae655b1b2af3

Modified Files
--------------
src/common/scram-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
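
The loop-bound failure described in the commit message above, as an added example that is not PostgreSQL's code: a scaled-down model that compares the two comparisons at the top of the counter's range. Assumptions: int8_t/INT8_MAX stand in for int/INT_MAX so the boundary is reached quickly, the loop start values (2 and 1) are chosen here so both forms run the same number of rounds, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model: int8_t stands in for int and INT8_MAX for INT_MAX, so the
 * boundary is reached in 127 steps instead of 2^31 - 1. */
#define STEP_CAP 1000   /* guard so the demo itself always returns */

/* Increment with explicit wraparound; signed overflow on a real int is
 * undefined behaviour, so the wrap is spelled out here. */
static int8_t wrap_inc(int8_t i)
{
    return (i == INT8_MAX) ? INT8_MIN : (int8_t)(i + 1);
}

/* "i <= iterations" form. Start value 2 is an assumption.
 * Returns the number of rounds run, or -1 if the loop never exits. */
static int rounds_le(int8_t iterations)
{
    int rounds = 0;
    for (int8_t i = 2; i <= iterations; i = wrap_inc(i))
        if (++rounds > STEP_CAP)
            return -1;
    return rounds;
}

/* "i < iterations" form. Start value 1 is an assumption, chosen so the
 * round count matches rounds_le() for ordinary inputs. */
static int rounds_lt(int8_t iterations)
{
    int rounds = 0;
    for (int8_t i = 1; i < iterations; i = wrap_inc(i))
        if (++rounds > STEP_CAP)
            return -1;
    return rounds;
}

int main(void)
{
    printf("iterations=10:  <= runs %d, < runs %d\n", rounds_le(10), rounds_lt(10));
    printf("iterations=max: <= runs %d, < runs %d\n",
           rounds_le(INT8_MAX), rounds_lt(INT8_MAX));
    return 0;
}
```

With the "<=" form no counter value can ever fail the test when the bound equals the type's maximum, so the exit condition is unreachable; the "<" form exits when the counter reaches the bound and never needs to increment past it.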