Fix error handling of pg_b64_decode()

Fix for commit 761c79508e7. The previous error handling logic was not quite correct. Discussion: https://www.postgresql.org/message-id/flat/CAEudQAq-3yHsSdWoOOaw%2BgAQYgPMpMGuB5pt2yCXgv-YuxG2Hg%40mail.gmail.com
2025-05-02 11:44:50 +03:00 · 2025-01-16 09:02:21 +01:00 · 2025-01-16 09:02:21 +01:00 · d278541be4
commit d278541be4
parent ff030ebe25
1 changed files with 30 additions and 18 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -1805,18 +1805,24 @@ pqConnectOptions2(PGconn *conn)
 		int			len;

 		len = pg_b64_dec_len(strlen(conn->scram_client_key));
-		/* Consider the zero-terminator */
-		if (len != SCRAM_MAX_KEY_LEN + 1)
-		{
-			libpq_append_conn_error(conn, "invalid SCRAM client key length: %d", len);
-			return false;
-		}
-		conn->scram_client_key_len = len;
 		conn->scram_client_key_binary = malloc(len);
 		if (!conn->scram_client_key_binary)
 			goto oom_error;
-		pg_b64_decode(conn->scram_client_key, strlen(conn->scram_client_key),
-					  conn->scram_client_key_binary, len);
+		len = pg_b64_decode(conn->scram_client_key, strlen(conn->scram_client_key),
+							conn->scram_client_key_binary, len);
+		if (len < 0)
+		{
+			libpq_append_conn_error(conn, "invalid SCRAM client key");
+			free(conn->scram_client_key_binary);
+			return false;
+		}
+		if (len != SCRAM_MAX_KEY_LEN)
+		{
+			libpq_append_conn_error(conn, "invalid SCRAM client key length: %d", len);
+			free(conn->scram_client_key_binary);
+			return false;
+		}
+		conn->scram_client_key_len = len;
 	}

 	if (conn->scram_server_key)
@ -1824,18 +1830,24 @@ pqConnectOptions2(PGconn *conn)
 		int			len;

 		len = pg_b64_dec_len(strlen(conn->scram_server_key));
-		/* Consider the zero-terminator */
-		if (len != SCRAM_MAX_KEY_LEN + 1)
-		{
-			libpq_append_conn_error(conn, "invalid SCRAM server key length: %d", len);
-			return false;
-		}
-		conn->scram_server_key_len = len;
 		conn->scram_server_key_binary = malloc(len);
 		if (!conn->scram_server_key_binary)
 			goto oom_error;
-		pg_b64_decode(conn->scram_server_key, strlen(conn->scram_server_key),
-					  conn->scram_server_key_binary, len);
+		len = pg_b64_decode(conn->scram_server_key, strlen(conn->scram_server_key),
+							conn->scram_server_key_binary, len);
+		if (len < 0)
+		{
+			libpq_append_conn_error(conn, "invalid SCRAM server key");
+			free(conn->scram_server_key_binary);
+			return false;
+		}
+		if (len != SCRAM_MAX_KEY_LEN)
+		{
+			libpq_append_conn_error(conn, "invalid SCRAM server key length: %d", len);
+			free(conn->scram_server_key_binary);
+			return false;
+		}
+		conn->scram_server_key_len = len;
 	}

 	/*