diff options
-rw-r--r-- | src/interfaces/libpq/fe-auth-scram.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 7fa7f34c80..4cdf9ba93b 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -462,6 +462,12 @@ read_server_first_message(fe_scram_state *state, char *input, state->saltlen = pg_b64_decode(encoded_salt, strlen(encoded_salt), state->salt); + if (state->saltlen < 0) + { + printfPQExpBuffer(errormessage, + libpq_gettext("malformed SCRAM message (invalid salt)\n")); + return false; + } iterations_str = read_attr_value(&input, 'i', errormessage); if (iterations_str == NULL) @@ -492,6 +498,7 @@ read_server_final_message(fe_scram_state *state, char *input, PQExpBuffer errormessage) { char *encoded_server_signature; + char *decoded_server_signature; int server_signature_len; state->server_final_message = strdup(input); @@ -525,15 +532,27 @@ read_server_final_message(fe_scram_state *state, char *input, printfPQExpBuffer(errormessage, libpq_gettext("malformed SCRAM message (garbage at end of server-final-message)\n")); + server_signature_len = pg_b64_dec_len(strlen(encoded_server_signature)); + decoded_server_signature = malloc(server_signature_len); + if (!decoded_server_signature) + { + printfPQExpBuffer(errormessage, + libpq_gettext("out of memory\n")); + return false; + } + server_signature_len = pg_b64_decode(encoded_server_signature, strlen(encoded_server_signature), - state->ServerSignature); + decoded_server_signature); if (server_signature_len != SCRAM_KEY_LEN) { + free(decoded_server_signature); printfPQExpBuffer(errormessage, libpq_gettext("malformed SCRAM message (invalid server signature)\n")); return false; } + memcpy(state->ServerSignature, decoded_server_signature, SCRAM_KEY_LEN); + free(decoded_server_signature); return true; } |