upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-15 16:48:17 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Richard Guo de1484736d Fix integer-overflow problem in scram_SaltedPassword() 
Setting the iteration count for SCRAM secret generation to INT_MAX
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison.  To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has
been added.

Author: Kevin K Biju <kevinkbiju@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
2025-03-26 17:51:44 +09:00
..
backend Fix rare assertion failure in standby, if primary is restarted 2025-03-23 20:41:54 +02:00
bin pg_upgrade: Fix inconsistency in memory freeing 2025-02-28 10:15:34 +09:00
common Fix integer-overflow problem in scram_SaltedPassword() 2025-03-26 17:51:44 +09:00
fe_utils In fmtIdEnc(), handle failure of enlargePQExpBuffer(). 2025-02-16 12:46:35 -05:00
include Fix broken handling of domains in atthasmissing logic. 2025-03-03 12:43:29 -05:00
interfaces Translation updates 2025-02-17 17:51:30 +01:00
makefiles Use --strip-unneeded when stripping static libraries with GNU strip. 2023-04-20 18:12:32 -04:00
pl Fix plpgsql's handling of simple expressions in scrollable cursors. 2025-03-21 11:30:42 -04:00
port Fix pg_strtof() to not crash on NULL endptr. 2025-03-01 14:22:56 -05:00
template Use unnamed POSIX semaphores on Cygwin. 2023-01-06 10:33:28 +13:00
test Fix ARRAY_SUBLINK and ARRAY[] for int2vector and oidvector input. 2025-03-13 16:07:55 -04:00
timezone Update time zone data files to tzdata release 2025a. 2025-01-20 16:49:15 -05:00
tools meson: Flush stdout in testwrap 2025-03-19 09:04:10 -04:00
tutorial Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
.gitignore
DEVELOPERS
Makefile Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
Makefile.global.in Suppress macOS warnings about duplicate libraries in link commands. 2023-09-29 14:07:30 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
meson.build Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
nls-global.mk Fix for make unportability 2022-07-13 09:15:01 +02:00