Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w22SV-000p7b-2D for pgsql-hackers@arkaria.postgresql.org; Mon, 16 Mar 2026 07:33:52 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w22SU-0088gJ-2Z for pgsql-hackers@arkaria.postgresql.org; Mon, 16 Mar 2026 07:33:51 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w22SU-0088g9-1i for pgsql-hackers@lists.postgresql.org; Mon, 16 Mar 2026 07:33:51 +0000 Received: from mail-pg1-x52e.google.com ([2607:f8b0:4864:20::52e]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w22SS-00000000MWK-3rVu for pgsql-hackers@postgresql.org; Mon, 16 Mar 2026 07:33:50 +0000 Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-c7381c4345cso1753380a12.1 for ; Mon, 16 Mar 2026 00:33:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773646428; x=1774251228; darn=postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=dedEC0E6wdMQ70ECSXJiYdNsG/COYKVS8O/m/wM4apw=; b=G9E2/rqVKOqKzCdk72RB29G80GVJzKUrbcZ0ea2qOlN61LphyDmwctbD3qBmJZRSUr 4gwskQ1gOs8faPkM8R2HCZywNcjjk/H2LjLB0kkyGPJfiSY8ZLPMh/HnJrK1Mqjq5JEl Vz+EkydVoRS2etyaSTAasGwH3LCp0Cu6vA9PwM5zqPKH9tg3AreSVSjNTqFH2b8EU8u2 wDFT8BcmFPANzUzs0LiCsXvEz8Gxzk6oqDVz+9D/g2jgJMW+MJforEkiw42kNIRtauOF AHaLmqlSk/TakiYIiXwHJKrpfk5XNoTDgPL9sOxbzhBF5hfM4UJs8IyIbiArZia8TPDN iYwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773646428; x=1774251228; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=dedEC0E6wdMQ70ECSXJiYdNsG/COYKVS8O/m/wM4apw=; b=iQlDjwBBjYe0UkSt3TPN4S53ul3j35Sp/vdLW/g4jPosAEpWcQyMvwnJl2+NVY6X/w 4dODLOsoLgRs3qDAE3vcI6NmC+m9n23lYK13UJ1+TjgXXPuXu+lnathZsqCN37roaFHg Hh4wAA9G7UES03OXcJ7MhYM5mc3gaBJ4vQcMCu3udpC+ZPUSpImtLUVQBXdrRyA3tcZe JzvXEd/5tTQ2FoIPJ7DZzhmAGBDlCcr6FI+C3YLRPF2ghetc+mZtrOKa+HgDj007SA07 YCTGNi8Y7/WRx4LsP0QyNIyctchz8D+dKisDjtNT0ZYDYxYJQq7m9ca+Ngbm3S8CumRO 3zgg== X-Forwarded-Encrypted: i=1; AJvYcCUfB9GYKSR9u9cGzQPWXLhqWd6oRJJL6H7GJD3ybm2Qjnk8CcJ7UZAY6Ab9dgOXf3h8IUiKY/jljEKWj3Sk@postgresql.org X-Gm-Message-State: AOJu0Yyd327gfZr7LJROJVwvdH+7eIGS7gsMVlckviu+zLFjhm48pdsf Z1jU9zkkz5jjGX9qz5tb1ns779nal9LybdZwds32Yq/O5RCSFgNbdlux X-Gm-Gg: ATEYQzzl4RSCjt/vSCZhY88NONhLT741Yl5sVf2OaL7kG+iRpp5uOHa8XiiFNSX/lBY Dfz0rio/YZIrFXtx06ELFIlI1BOpKCXouT5lF7Q95EpMT+82iLAgcPa8GraQ5ObZhFmCdRHvEIR /1Qan9QrXEhNVqZKhlRf95idHrQN1RoCnPUN0ENLtY6XDDkQuYUC9KRZ2/6bNSsBBgZEMHNgdCx H649jSDrVX0nrLumLu3TV7ppfVBUVJhrzbQksVgzGCB0xHSlJflQ/KQ2ssHhb++iu/9NEE4bWCc 2cl2y8MbAx25rB9CQAYBJZLH0nySOSVSKXa2att1Z+cz4iiBmhC8eoejEoJjV8dWai12LKJRFaQ yaXyXF/xPSk7WNTG70f/9R7zV4aGRMCInCI4OuUS71aSkYYzcbOBshTJ7dR3aMkbpRNaAU5ghmS 0/GR9rULIFatnrxq4rDxY9+seVmLkxrks= X-Received: by 2002:a05:6a21:1bc8:b0:394:505d:fcf8 with SMTP id adf61e73a8af0-398d79345e6mr14288074637.30.1773646428267; Mon, 16 Mar 2026 00:33:48 -0700 (PDT) Received: from smtpclient.apple ([45.32.121.103]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c7402214e1csm3574518a12.33.2026.03.16.00.33.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Mar 2026 00:33:47 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\)) Subject: Re: [oauth] Stabilize the libpq-oauth ABI (and allow alternative implementations?) From: Chao Li In-Reply-To: Date: Mon, 16 Mar 2026 15:33:10 +0800 Cc: "Jonathan Gonzalez V." , Zsolt Parragi , PostgreSQL Hackers Content-Transfer-Encoding: quoted-printable Message-Id: <821576A8-5958-401D-B8D1-7E4E30F5A40F@gmail.com> References: <3720B2E1-0B96-4063-8D63-B5AE6AFEA159@gmail.com> To: Jacob Champion X-Mailer: Apple Mail (2.3864.400.21) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On Mar 14, 2026, at 01:59, Jacob Champion = wrote: >=20 > On Fri, Mar 13, 2026 at 12:24=E2=80=AFAM Jonathan Gonzalez V. > wrote: >> While rebasing this patch[1] I notice that the test where wailing, = that >> was due to the following missing dependency in the test, small patch >> here: >=20 > Fixed in v8, thanks. >=20 > v7-0001 and -0002 are committed, plus the removal of some additional > typedefs, plus a fix for a silly bug in the Makefile that indri > caught. >=20 > --Jacob > = <= v8-0003-WIP-Introduce-third-party-OAuth-flow-plugins.patch> Hi Jacob, a few comments on v8. 1 - 0001 ``` + /* + * For uninstrumented builds, make sure request->error = wasn't touched. + */ + if (request->error) + { + fprintf(stderr, + "abort! out-of-bounds write to = PGoauthBearerRequest by PQAUTHDATA_OAUTH_BEARER_TOKEN hook\n"); + abort(); + } ``` I think this check relies on that when poisoning, request->error should = be NULL. So, does it make sense to Assert(request->error=3D=3DNULL) in = the poison branch? 2 - 0002 Overall LGTM. A small comment is that, now use_builtin_flow() = becomes a bit misleading because it may turn to non-builtin when = libpq_oauth_init is not provided by the lib. So, maybe rename the = function to something like try_builtin_flow()? Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/