Apply timingsafe_bcmp() in authentication paths This commit applies timingsafe_bcmp() to authentication paths that handle attributes or data previously compared with memcpy() or strcmp(), which are sensitive to timing attacks.
The following data is concerned by this change, some being in the backend and some in the frontend: - For a SCRAM or MD5 password, the computed key or the MD5 hash compared with a password during a plain authentication. - For a SCRAM exchange, the stored key, the client's final nonce and the server nonce. - RADIUS (up to v18), the encrypted password. - For MD5 authentication, the MD5(MD5()) hash. Reported-by: Joe Conway <[email protected]> Security: CVE-2026-6478 Author: Michael Paquier <[email protected]> Reviewed-by: John Naylor <[email protected]> Backpatch-through: 14 Branch ------ REL_14_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/4608619a1cf578f16e799510eaa0a21c0f1f08e3 Author: Michael Paquier <[email protected]> Modified Files -------------- src/backend/libpq/auth-scram.c | 8 ++++---- src/backend/libpq/auth.c | 2 +- src/backend/libpq/crypt.c | 6 ++++-- src/interfaces/libpq/fe-auth-scram.c | 5 +++-- 4 files changed, 12 insertions(+), 9 deletions(-)
