Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 14f2f9e

Browse filesBrowse files
michaelpqmichaelpq
committed
Add CHECK_FOR_INTERRUPTS() in scram_SaltedPassword() for the backend
scram_SaltedPassword() could take a long time to compute when the number of iterations used is large enough, and this code uses a tight loop to compute a salted password. Note that the same issue exists in libpq when using \password and a large iteration number, but this cannot be interrupted. A CFI in the backend is useful for server-side computations, at least. Backpatch down to 16, where the user-settable GUC scram_iterations has been added. Author: Bowen Shi Reviewed-by: Aleksander Alekseev, Daniel Gustafsson Discussion: https://postgr.es/m/CAM_vCueV6xfr08KczfaCEk5J_qeTZtgqN7+orkNLx=g+phE82Q@mail.gmail.com Backpatch-through: 16
1 parent 930d2b4 commit 14f2f9e
Copy full SHA for 14f2f9e

File tree

Expand file treeCollapse file tree

1 file changed

+11
-0
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+11
-0
lines changed

‎src/common/scram-common.c

Copy file name to clipboardExpand all lines: src/common/scram-common.c
+11Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@
2222
#include "common/base64.h"
2323
#include "common/hmac.h"
2424
#include "common/scram-common.h"
25+
#ifndef FRONTEND
26+
#include "miscadmin.h"
27+
#endif
2528
#include "port/pg_bswap.h"
2629

2730
/*
@@ -73,6 +76,14 @@ scram_SaltedPassword(const char *password,
7376
/* Subsequent iterations */
7477
for (i = 2; i <= iterations; i++)
7578
{
79+
#ifndef FRONTEND
80+
/*
81+
* Make sure that this is interruptible as scram_iterations could be
82+
* set to a large value.
83+
*/
84+
CHECK_FOR_INTERRUPTS();
85+
#endif
86+
7687
if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
7788
pg_hmac_update(hmac_ctx, (uint8 *) Ui_prev, key_length) < 0 ||
7889
pg_hmac_final(hmac_ctx, Ui, key_length) < 0)

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.