public inbox for [email protected]
help / color / mirror / Atom feedFrom: Noah Misch <[email protected]>
To: [email protected]
Subject: pgsql: Add timingsafe_bcmp(), for constant-time memory comparison
Date: Mon, 11 May 2026 12:19:40 +0000
Message-ID: <[email protected]> (raw)
Add timingsafe_bcmp(), for constant-time memory comparison
timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.
This has been initially applied as of 09be39112654 in v18 and newer
versions, and will be used in all the stable branches for an upcoming
fix.
Co-authored-by: Jelte Fennema-Nio <[email protected]>
Discussion: https://www.postgresql.org/message-id/[email protected]
Security: CVE-2026-6478
Backpatch-through: 14
Branch
------
REL_15_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/9dcfcb92fff82b398f2ba0c03eb7bea9c197aab2
Author: Heikki Linnakangas <[email protected]>
Modified Files
--------------
configure | 23 +++++++++++++++++++++++
configure.ac | 3 ++-
src/include/pg_config.h.in | 7 +++++++
src/include/port.h | 4 ++++
src/port/timingsafe_bcmp.c | 43 +++++++++++++++++++++++++++++++++++++++++++
src/tools/msvc/Mkvcbuild.pm | 2 +-
src/tools/msvc/Solution.pm | 2 ++
7 files changed, 82 insertions(+), 2 deletions(-)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgsql: Add timingsafe_bcmp(), for constant-time memory comparison
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox