From db1f28917bac5e008dcb2653a54e73d2d0571e06 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Tue, 20 Aug 2019 22:25:58 +0200
Subject: [PATCH] Clean up some SCRAM attribute processing

Correct the comment for read_any_attr(). Give a clearer error message when parsing at the end of the string, when the client-final-message does not contain a "p" attribute (for some reason).

Reviewed-by: Michael Paquier
Discussion: https://www.postgresql.org/message-id/flat/2fb8a15b-de35-682d-a77b-edcc9c52fa12%402ndquadrant.com
---
 src/backend/libpq/auth-scram.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index aa918839fb9..68792cb45e7 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -790,7 +790,8 @@ sanitize_str(const char *s)
 /*
  * Read the next attribute and value in a SCRAM exchange message.
  *
- * Returns NULL if there is attribute.
+ * The attribute character is set in *attr_p, the attribute value is the
+ * return value.
  */
 static char *
 read_any_attr(char **input, char *attr_p)
@@ -799,6 +800,12 @@ read_any_attr(char **input, char *attr_p)
 char *end;
 char attr = *begin;
 
+ if (attr == '\0')
+ ereport(ERROR,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("malformed SCRAM message"),
+ errdetail("Attribute expected, but found end of string.")));
+
 /*------
  * attr-val = ALPHA "=" value
  * ;; Generic syntax of any attribute sent
@@ -1298,7 +1305,7 @@ read_client_final_message(scram_state *state, const char *input)
 
 state->client_final_nonce = read_attr_value(&p, 'r');
 
- /* ignore optional extensions */
+ /* ignore optional extensions, read until we find "p" attribute */
 do
 {
 proof = p - 1;
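Review bot: The rewritten header comment for read_any_attr() documents the two outputs but not the failure mode, and the line it removes had claimed a NULL return. The check added in the next hunk shows that an exhausted string ends in `ereport(ERROR, ...)` rather than a return, so callers never need a NULL test; saying so keeps anyone from adding one or assuming a recoverable path. I would add ` * Raises a protocol-violation ERROR instead of returning if no attribute can be read.` The comment could also say that `*input` is advanced past the attribute, though I am inferring that from the `char **input` signature because the function body continues outside these hunks.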
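Review bot: The updated comment in read_client_final_message() says the loop reads until "p" but not what stops it when the client never sends one. The loop condition lies outside the hunk; presumably it tests the attribute character handed back by read_any_attr(), in which case the only bound on `p` for a client-final-message without a proof is the end-of-string ERROR added earlier in this patch. Because this loop walks input from a client that has not yet authenticated, I would record that dependency in the comment: `/* ignore optional extensions, read until we find "p" attribute; read_any_attr() raises ERROR at end of string, which bounds the loop */`.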