v1-0003-Increase-the-accepted-length-of-password-messages.patch
application/octet-stream
Filename: v1-0003-Increase-the-accepted-length-of-password-messages.patch
Type: application/octet-stream
Part: 1
Message:
Maximum password length
Patch
Format: format-patch
Series: patch v1-0003
Subject: Increase the accepted length of password messages to 8192.
| File | + | − |
|---|---|---|
| doc/src/sgml/client-auth.sgml | 5 | 5 |
| doc/src/sgml/libpq.sgml | 1 | 1 |
| doc/src/sgml/ref/clusterdb.sgml | 1 | 1 |
| doc/src/sgml/ref/createdb.sgml | 1 | 1 |
| doc/src/sgml/ref/createuser.sgml | 1 | 1 |
| doc/src/sgml/ref/dropdb.sgml | 1 | 1 |
| doc/src/sgml/ref/dropuser.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_basebackup.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_dumpall.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_dump.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_receivewal.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_recvlogical.sgml | 1 | 1 |
| doc/src/sgml/ref/pg_restore.sgml | 1 | 1 |
| doc/src/sgml/ref/psql-ref.sgml | 1 | 1 |
| doc/src/sgml/ref/reindexdb.sgml | 1 | 1 |
| doc/src/sgml/ref/vacuumdb.sgml | 1 | 1 |
| src/backend/libpq/auth.c | 1 | 1 |
From d79007a80b30a1fad78ca97c0a014846cb0a7ccf Mon Sep 17 00:00:00 2001
From: Nathan Bossart <bossartn@amazon.com>
Date: Fri, 12 Oct 2018 17:30:08 +0000
Subject: [PATCH v1 3/3] Increase the accepted length of password messages to
8192.
---
doc/src/sgml/client-auth.sgml | 10 +++++-----
doc/src/sgml/libpq.sgml | 2 +-
doc/src/sgml/ref/clusterdb.sgml | 2 +-
doc/src/sgml/ref/createdb.sgml | 2 +-
doc/src/sgml/ref/createuser.sgml | 2 +-
doc/src/sgml/ref/dropdb.sgml | 2 +-
doc/src/sgml/ref/dropuser.sgml | 2 +-
doc/src/sgml/ref/pg_basebackup.sgml | 2 +-
doc/src/sgml/ref/pg_dump.sgml | 2 +-
doc/src/sgml/ref/pg_dumpall.sgml | 2 +-
doc/src/sgml/ref/pg_receivewal.sgml | 2 +-
doc/src/sgml/ref/pg_recvlogical.sgml | 2 +-
doc/src/sgml/ref/pg_restore.sgml | 2 +-
doc/src/sgml/ref/psql-ref.sgml | 2 +-
doc/src/sgml/ref/reindexdb.sgml | 2 +-
doc/src/sgml/ref/vacuumdb.sgml | 2 +-
src/backend/libpq/auth.c | 2 +-
17 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 1ce581ae0a..96d4926155 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1007,7 +1007,7 @@ omicron bryanh guest1
</para>
<para>
Furthermore, it should be noted that the server restricts password messages
- to an effective limit of 995 characters. While this is enough for the
+ to an effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal> authentication
methods, it may not be enough for passwords sent in clear-text via the
method <literal>password</literal>.
@@ -1512,7 +1512,7 @@ omicron bryanh guest1
file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it should
be noted that the server restricts password messages to an effective limit
- of 995 characters, which presents an upper bound to the length of passwords
+ of 8187 characters, which presents an upper bound to the length of passwords
that will work with LDAP authentication.
</para>
</note>
@@ -1810,7 +1810,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it should
be noted that the server restricts password messages to an effective limit
- of 995 characters, which presents an upper bound to the length of passwords
+ of 8187 characters, which presents an upper bound to the length of passwords
that will work with RADIUS authentication.
</para>
</note>
@@ -1953,7 +1953,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it should
be noted that the server restricts password messages to an effective limit
- of 995 characters, which presents an upper bound to the length of passwords
+ of 8187 characters, which presents an upper bound to the length of passwords
that will work with PAM authentication.
</para>
</note>
@@ -2031,7 +2031,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it should
be noted that the server restricts password messages to an effective limit
- of 995 characters, which presents an upper bound to the length of passwords
+ of 8187 characters, which presents an upper bound to the length of passwords
that will work with BSD authentication.
</para>
</note>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 28d5c0e57c..a696a45dbc 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1104,7 +1104,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</para>
<note>
<para>
- The server restricts password messages to an effective limit of 995
+ The server restricts password messages to an effective limit of 8187
characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
diff --git a/doc/src/sgml/ref/clusterdb.sgml b/doc/src/sgml/ref/clusterdb.sgml
index 6b41910e8c..d0eb3066d7 100644
--- a/doc/src/sgml/ref/clusterdb.sgml
+++ b/doc/src/sgml/ref/clusterdb.sgml
@@ -248,7 +248,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/createdb.sgml b/doc/src/sgml/ref/createdb.sgml
index dc995bb295..b25f0562b4 100644
--- a/doc/src/sgml/ref/createdb.sgml
+++ b/doc/src/sgml/ref/createdb.sgml
@@ -283,7 +283,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml
index e1db7f96e6..9516eda553 100644
--- a/doc/src/sgml/ref/createuser.sgml
+++ b/doc/src/sgml/ref/createuser.sgml
@@ -392,7 +392,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/dropdb.sgml b/doc/src/sgml/ref/dropdb.sgml
index 5e96079d0d..acda233446 100644
--- a/doc/src/sgml/ref/dropdb.sgml
+++ b/doc/src/sgml/ref/dropdb.sgml
@@ -203,7 +203,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/dropuser.sgml b/doc/src/sgml/ref/dropuser.sgml
index 8904f68119..0fe5cb86fe 100644
--- a/doc/src/sgml/ref/dropuser.sgml
+++ b/doc/src/sgml/ref/dropuser.sgml
@@ -207,7 +207,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
index d97a859b53..e1f78bb888 100644
--- a/doc/src/sgml/ref/pg_basebackup.sgml
+++ b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -650,7 +650,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index 96b16824a8..94a1539963 100644
--- a/doc/src/sgml/ref/pg_dump.sgml
+++ b/doc/src/sgml/ref/pg_dump.sgml
@@ -1181,7 +1181,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_dumpall.sgml b/doc/src/sgml/ref/pg_dumpall.sgml
index b8c489ef55..b913c0b275 100644
--- a/doc/src/sgml/ref/pg_dumpall.sgml
+++ b/doc/src/sgml/ref/pg_dumpall.sgml
@@ -632,7 +632,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml
index 55c3580f04..e54a44defa 100644
--- a/doc/src/sgml/ref/pg_receivewal.sgml
+++ b/doc/src/sgml/ref/pg_receivewal.sgml
@@ -334,7 +334,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_recvlogical.sgml b/doc/src/sgml/ref/pg_recvlogical.sgml
index d052db8fa8..ae56dad276 100644
--- a/doc/src/sgml/ref/pg_recvlogical.sgml
+++ b/doc/src/sgml/ref/pg_recvlogical.sgml
@@ -365,7 +365,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index 726d53eba0..93f1fa2848 100644
--- a/doc/src/sgml/ref/pg_restore.sgml
+++ b/doc/src/sgml/ref/pg_restore.sgml
@@ -790,7 +790,7 @@
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml
index c49e925cc5..0dea31fb87 100644
--- a/doc/src/sgml/ref/psql-ref.sgml
+++ b/doc/src/sgml/ref/psql-ref.sgml
@@ -535,7 +535,7 @@ EOF
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/reindexdb.sgml b/doc/src/sgml/ref/reindexdb.sgml
index ddc1b7cd56..84f2eed62a 100644
--- a/doc/src/sgml/ref/reindexdb.sgml
+++ b/doc/src/sgml/ref/reindexdb.sgml
@@ -316,7 +316,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/doc/src/sgml/ref/vacuumdb.sgml b/doc/src/sgml/ref/vacuumdb.sgml
index ca7ff34816..e0eff1abeb 100644
--- a/doc/src/sgml/ref/vacuumdb.sgml
+++ b/doc/src/sgml/ref/vacuumdb.sgml
@@ -341,7 +341,7 @@ PostgreSQL documentation
(<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
environment variable (<xref linkend="libpq-envars"/>). However, it
should be noted that the server restricts password messages to an
- effective limit of 995 characters. While this is enough for the
+ effective limit of 8187 characters. While this is enough for the
<literal>scram-sha-256</literal> and <literal>md5</literal>
authentication methods, it may not be enough for passwords sent in
clear-text via methods such as <literal>password</literal>. See
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 8517565535..02d77841d1 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -679,7 +679,7 @@ recv_password_packet(Port *port)
}
initStringInfo(&buf);
- if (pq_getmessage(&buf, 1000)) /* receive password */
+ if (pq_getmessage(&buf, 8192)) /* receive password */
{
/* EOF - pq_getmessage already logged a suitable message */
pfree(buf.data);
--
2.16.2