fail_for_long_scram_hash.patch
text/plain
Filename: fail_for_long_scram_hash.patch
Type: text/plain
Part: 0
Message:
Re: Should rolpassword be toastable?
Patch
Format: unified
| File | + | − |
|---|---|---|
| src/backend/libpq/crypt.c | 13 | 0 |
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index 629e51e00b..a723e8219a 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -121,6 +121,19 @@ encrypt_password(PasswordType target_type, const char *role,
if (guessed_type != PASSWORD_TYPE_PLAINTEXT)
{
+ /*
+ * Valid SCRAM-SHA-256 hashes can have very long "iterations" and
+ * "salt" fields, but we don't want to store anything that might get
+ * TOASTed, since de-TOASTing won't work during authentication because
+ * we haven't selected a database yet and cannot read pg_class. 256
+ * bytes should be more than enough for all practical use, so fail for
+ * anything longer.
+ */
+ if (guessed_type == PASSWORD_TYPE_SCRAM_SHA_256 &&
+ strlen(password) > 256)
+ ereport(ERROR,
+ (errmsg("SCRAM-SHA-256 hash is too long")));
+
/*
* Cannot convert an already-encrypted password from one format to
* another, so return it as it is.