Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)

Поиск
Список
Период
Сортировка
От Ranier Vilela
Тема Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)
Дата
Msg-id CAEudQAr+Lub5bjpreCyPJSMJiTw5PXqApLa8hzuNTZWBXE3U7g@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)  (Michael Paquier <michael@paquier.xyz>)
Ответы Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)  (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
Список pgsql-hackers
Дерево обсуждения
Em qui., 11 de fev. de 2021 às 09:47, Michael Paquier <michael@paquier.xyz> escreveu:
On Wed, Feb 10, 2021 at 09:14:46AM -0300, Ranier Vilela wrote:
> It is necessary to correct the interfaces. To caller, inform the size of
> the buffer it created.

Now, the patch you sent has no need to be that complicated, and it
partially works while not actually solving at all the problem you are
trying to solve (nothing done for MD5 or OpenSSL).  Attached is an
example of what I finish with while poking at this issue. There is IMO
no point to touch the internals of SCRAM that all rely on the same
digest lengths for the proof generation with SHA256.
Ok, I take a look at your patch and I have comments:

1. Looks missed contrib/pgcrypto.
2. scram_HMAC_final function still have a exchanged parameters,
    which in the future may impair maintenance.

Attached the v3 same patch.

regards,
Ranier Vilela
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Melanie Plageman
Дата:
Сообщение: Re: Parallel Full Hash Join
Следующее
От: Corey Huinker
Дата:
Сообщение: Re: parse_slash_copy doesn't support psql variables substitution