v1-0003-Increase-the-accepted-length-of-password-messages.patch

application/octet-stream

Filename: v1-0003-Increase-the-accepted-length-of-password-messages.patch
Type: application/octet-stream
Part: 1
Message: Maximum password length

Patch

Format: format-patch
Series: patch v1-0003
Subject: Increase the accepted length of password messages to 8192.
File+
doc/src/sgml/client-auth.sgml 5 5
doc/src/sgml/libpq.sgml 1 1
doc/src/sgml/ref/clusterdb.sgml 1 1
doc/src/sgml/ref/createdb.sgml 1 1
doc/src/sgml/ref/createuser.sgml 1 1
doc/src/sgml/ref/dropdb.sgml 1 1
doc/src/sgml/ref/dropuser.sgml 1 1
doc/src/sgml/ref/pg_basebackup.sgml 1 1
doc/src/sgml/ref/pg_dumpall.sgml 1 1
doc/src/sgml/ref/pg_dump.sgml 1 1
doc/src/sgml/ref/pg_receivewal.sgml 1 1
doc/src/sgml/ref/pg_recvlogical.sgml 1 1
doc/src/sgml/ref/pg_restore.sgml 1 1
doc/src/sgml/ref/psql-ref.sgml 1 1
doc/src/sgml/ref/reindexdb.sgml 1 1
doc/src/sgml/ref/vacuumdb.sgml 1 1
src/backend/libpq/auth.c 1 1
From d79007a80b30a1fad78ca97c0a014846cb0a7ccf Mon Sep 17 00:00:00 2001
From: Nathan Bossart <bossartn@amazon.com>
Date: Fri, 12 Oct 2018 17:30:08 +0000
Subject: [PATCH v1 3/3] Increase the accepted length of password messages to
 8192.

---
 doc/src/sgml/client-auth.sgml        | 10 +++++-----
 doc/src/sgml/libpq.sgml              |  2 +-
 doc/src/sgml/ref/clusterdb.sgml      |  2 +-
 doc/src/sgml/ref/createdb.sgml       |  2 +-
 doc/src/sgml/ref/createuser.sgml     |  2 +-
 doc/src/sgml/ref/dropdb.sgml         |  2 +-
 doc/src/sgml/ref/dropuser.sgml       |  2 +-
 doc/src/sgml/ref/pg_basebackup.sgml  |  2 +-
 doc/src/sgml/ref/pg_dump.sgml        |  2 +-
 doc/src/sgml/ref/pg_dumpall.sgml     |  2 +-
 doc/src/sgml/ref/pg_receivewal.sgml  |  2 +-
 doc/src/sgml/ref/pg_recvlogical.sgml |  2 +-
 doc/src/sgml/ref/pg_restore.sgml     |  2 +-
 doc/src/sgml/ref/psql-ref.sgml       |  2 +-
 doc/src/sgml/ref/reindexdb.sgml      |  2 +-
 doc/src/sgml/ref/vacuumdb.sgml       |  2 +-
 src/backend/libpq/auth.c             |  2 +-
 17 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 1ce581ae0a..96d4926155 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1007,7 +1007,7 @@ omicron         bryanh                  guest1
     </para>
     <para>
      Furthermore, it should be noted that the server restricts password messages
-     to an effective limit of 995 characters.  While this is enough for the
+     to an effective limit of 8187 characters.  While this is enough for the
      <literal>scram-sha-256</literal> and <literal>md5</literal> authentication
      methods, it may not be enough for passwords sent in clear-text via the
      method <literal>password</literal>.
@@ -1512,7 +1512,7 @@ omicron         bryanh                  guest1
      file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
      environment variable (<xref linkend="libpq-envars"/>).  However, it should
      be noted that the server restricts password messages to an effective limit
-     of 995 characters, which presents an upper bound to the length of passwords
+     of 8187 characters, which presents an upper bound to the length of passwords
      that will work with LDAP authentication.
     </para>
    </note>
@@ -1810,7 +1810,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
      file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
      environment variable (<xref linkend="libpq-envars"/>).  However, it should
      be noted that the server restricts password messages to an effective limit
-     of 995 characters, which presents an upper bound to the length of passwords
+     of 8187 characters, which presents an upper bound to the length of passwords
      that will work with RADIUS authentication.
     </para>
    </note>
@@ -1953,7 +1953,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
      file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
      environment variable (<xref linkend="libpq-envars"/>).  However, it should
      be noted that the server restricts password messages to an effective limit
-     of 995 characters, which presents an upper bound to the length of passwords
+     of 8187 characters, which presents an upper bound to the length of passwords
      that will work with PAM authentication.
     </para>
    </note>
@@ -2031,7 +2031,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse
      file (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
      environment variable (<xref linkend="libpq-envars"/>).  However, it should
      be noted that the server restricts password messages to an effective limit
-     of 995 characters, which presents an upper bound to the length of passwords
+     of 8187 characters, which presents an upper bound to the length of passwords
      that will work with BSD authentication.
     </para>
    </note>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 28d5c0e57c..a696a45dbc 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1104,7 +1104,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
       </para>
       <note>
        <para>
-        The server restricts password messages to an effective limit of 995
+        The server restricts password messages to an effective limit of 8187
         characters.  While this is enough for the
         <literal>scram-sha-256</literal> and <literal>md5</literal>
         authentication methods, it may not be enough for passwords sent in
diff --git a/doc/src/sgml/ref/clusterdb.sgml b/doc/src/sgml/ref/clusterdb.sgml
index 6b41910e8c..d0eb3066d7 100644
--- a/doc/src/sgml/ref/clusterdb.sgml
+++ b/doc/src/sgml/ref/clusterdb.sgml
@@ -248,7 +248,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/createdb.sgml b/doc/src/sgml/ref/createdb.sgml
index dc995bb295..b25f0562b4 100644
--- a/doc/src/sgml/ref/createdb.sgml
+++ b/doc/src/sgml/ref/createdb.sgml
@@ -283,7 +283,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml
index e1db7f96e6..9516eda553 100644
--- a/doc/src/sgml/ref/createuser.sgml
+++ b/doc/src/sgml/ref/createuser.sgml
@@ -392,7 +392,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/dropdb.sgml b/doc/src/sgml/ref/dropdb.sgml
index 5e96079d0d..acda233446 100644
--- a/doc/src/sgml/ref/dropdb.sgml
+++ b/doc/src/sgml/ref/dropdb.sgml
@@ -203,7 +203,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/dropuser.sgml b/doc/src/sgml/ref/dropuser.sgml
index 8904f68119..0fe5cb86fe 100644
--- a/doc/src/sgml/ref/dropuser.sgml
+++ b/doc/src/sgml/ref/dropuser.sgml
@@ -207,7 +207,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
index d97a859b53..e1f78bb888 100644
--- a/doc/src/sgml/ref/pg_basebackup.sgml
+++ b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -650,7 +650,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index 96b16824a8..94a1539963 100644
--- a/doc/src/sgml/ref/pg_dump.sgml
+++ b/doc/src/sgml/ref/pg_dump.sgml
@@ -1181,7 +1181,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_dumpall.sgml b/doc/src/sgml/ref/pg_dumpall.sgml
index b8c489ef55..b913c0b275 100644
--- a/doc/src/sgml/ref/pg_dumpall.sgml
+++ b/doc/src/sgml/ref/pg_dumpall.sgml
@@ -632,7 +632,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml
index 55c3580f04..e54a44defa 100644
--- a/doc/src/sgml/ref/pg_receivewal.sgml
+++ b/doc/src/sgml/ref/pg_receivewal.sgml
@@ -334,7 +334,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_recvlogical.sgml b/doc/src/sgml/ref/pg_recvlogical.sgml
index d052db8fa8..ae56dad276 100644
--- a/doc/src/sgml/ref/pg_recvlogical.sgml
+++ b/doc/src/sgml/ref/pg_recvlogical.sgml
@@ -365,7 +365,7 @@ PostgreSQL documentation
           (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
           environment variable (<xref linkend="libpq-envars"/>).  However, it
           should be noted that the server restricts password messages to an
-          effective limit of 995 characters.   While this is enough for the
+          effective limit of 8187 characters.   While this is enough for the
           <literal>scram-sha-256</literal> and <literal>md5</literal>
           authentication methods, it may not be enough for passwords sent in
           clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index 726d53eba0..93f1fa2848 100644
--- a/doc/src/sgml/ref/pg_restore.sgml
+++ b/doc/src/sgml/ref/pg_restore.sgml
@@ -790,7 +790,7 @@
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml
index c49e925cc5..0dea31fb87 100644
--- a/doc/src/sgml/ref/psql-ref.sgml
+++ b/doc/src/sgml/ref/psql-ref.sgml
@@ -535,7 +535,7 @@ EOF
         (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
         environment variable (<xref linkend="libpq-envars"/>).  However, it
         should be noted that the server restricts password messages to an
-        effective limit of 995 characters.   While this is enough for the
+        effective limit of 8187 characters.   While this is enough for the
         <literal>scram-sha-256</literal> and <literal>md5</literal>
         authentication methods, it may not be enough for passwords sent in
         clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/reindexdb.sgml b/doc/src/sgml/ref/reindexdb.sgml
index ddc1b7cd56..84f2eed62a 100644
--- a/doc/src/sgml/ref/reindexdb.sgml
+++ b/doc/src/sgml/ref/reindexdb.sgml
@@ -316,7 +316,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/doc/src/sgml/ref/vacuumdb.sgml b/doc/src/sgml/ref/vacuumdb.sgml
index ca7ff34816..e0eff1abeb 100644
--- a/doc/src/sgml/ref/vacuumdb.sgml
+++ b/doc/src/sgml/ref/vacuumdb.sgml
@@ -341,7 +341,7 @@ PostgreSQL documentation
          (<xref linkend="libpq-pgpass"/>) and the <envar>PGPASSWORD</envar>
          environment variable (<xref linkend="libpq-envars"/>).  However, it
          should be noted that the server restricts password messages to an
-         effective limit of 995 characters.   While this is enough for the
+         effective limit of 8187 characters.   While this is enough for the
          <literal>scram-sha-256</literal> and <literal>md5</literal>
          authentication methods, it may not be enough for passwords sent in
          clear-text via methods such as <literal>password</literal>.  See
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 8517565535..02d77841d1 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -679,7 +679,7 @@ recv_password_packet(Port *port)
 	}
 
 	initStringInfo(&buf);
-	if (pq_getmessage(&buf, 1000))	/* receive password */
+	if (pq_getmessage(&buf, 8192))	/* receive password */
 	{
 		/* EOF - pq_getmessage already logged a suitable message */
 		pfree(buf.data);
-- 
2.16.2