summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Eisentraut2019-08-20 20:25:58 +0000
committerPeter Eisentraut2019-08-20 20:33:06 +0000
commitdb1f28917bac5e008dcb2653a54e73d2d0571e06 (patch)
tree03dd86197195b9811403e1d51192188925796595
parentf8cf524da15ec4d8fad26aeff44af9928d30eb3d (diff)
Clean up some SCRAM attribute processing
Correct the comment for read_any_attr(). Give a clearer error message when parsing at the end of the string, when the client-final-message does not contain a "p" attribute (for some reason). Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://www.postgresql.org/message-id/flat/2fb8a15b-de35-682d-a77b-edcc9c52fa12%402ndquadrant.com
-rw-r--r--src/backend/libpq/auth-scram.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index aa918839fb9..68792cb45e7 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -790,7 +790,8 @@ sanitize_str(const char *s)
/*
* Read the next attribute and value in a SCRAM exchange message.
*
- * Returns NULL if there is attribute.
+ * The attribute character is set in *attr_p, the attribute value is the
+ * return value.
*/
static char *
read_any_attr(char **input, char *attr_p)
@@ -799,6 +800,12 @@ read_any_attr(char **input, char *attr_p)
char *end;
char attr = *begin;
+ if (attr == '\0')
+ ereport(ERROR,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("malformed SCRAM message"),
+ errdetail("Attribute expected, but found end of string.")));
+
/*------
* attr-val = ALPHA "=" value
* ;; Generic syntax of any attribute sent
@@ -1298,7 +1305,7 @@ read_client_final_message(scram_state *state, const char *input)
state->client_final_nonce = read_attr_value(&p, 'r');
- /* ignore optional extensions */
+ /* ignore optional extensions, read until we find "p" attribute */
do
{
proof = p - 1;