Re: Refactoring base64 encoding and decoding into a safer interface
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-07-02T05:41:08Z
Lists: pgsql-hackers
Attachments
- base64-refactor-safe-v2.patch (text/x-diff) patch v2
On Mon, Jul 01, 2019 at 11:11:43PM +0200, Daniel Gustafsson wrote: > I very much agree that functions operating on a buffer like this should have > the size of the buffer in order to safeguard against overflow, so +1 on the > general concept. Thanks for the review! > A few small comments: > > In src/common/scram-common.c there are a few instances like this. Shouldn’t we > also free the result buffer in these cases? > > +#ifdef FRONTEND > + return NULL; > +#else Fixed. > In the below passage, we leave the input buffer with a non-complete > encoded string. Should we memset the buffer to zero to avoid the > risk that code which fails to check the return value believes it has > an encoded string? Hmm. Good point. I have not thought of that, and your suggestion makes sense. Another question is if we'd want to actually use explicit_bzero() here, but that could be a discussion on this other thread, except if the patch discussed there is merged first: https://www.postgresql.org/message-id/42d26bde-5d5b-c90d-87ae-6cab875f73be@2ndquadrant.com Attached is an updated patch. -- Michael
Commits
-
Introduce safer encoding and decoding routines for base64.c
- cfc40d384ae5 13.0 landed