Hi Alexander, Em qui., 10 de out. de 2024 às 02:00, Alexander Lakhin <exclus...@gmail.com> escreveu:
> Hello Peter, > > 23.07.2024 15:38, Peter Eisentraut wrote: > > This has been committed. Thanks. > > Please look at the SCRAM secret, which breaks parse_scram_secret(), > perhaps because strsep() doesn't return NULL where strtok() did: > > CREATE ROLE r PASSWORD > > 'SCRAM-SHA-256$4096:hpFyHTUsSWcR7O9P$LgZFIt6Oqdo27ZFKbZ2nV+=vtnYM995pDh9ca6WSi120qVV5NeluNfUPkwm7Vqat25RjSPLkGeoZBQs6wVv+um4='; > > Core was generated by `postgres: law regression [local] CREATE > ROLE '. > Program terminated with signal SIGSEGV, Segmentation fault. > > #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74 > (gdb) bt > #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74 > #1 0x0000563625e9e5b0 in parse_scram_secret (...) at auth-scram.c:655 > Thanks for the report. It seems to me that it could be due to incorrect use of the strsep function. See: https://man7.org/linux/man-pages/man3/strsep.3.html " In case no delimiter was found, the token is taken to be the entire string **stringp*, and **stringp* is made NULL. " So, it is necessary to check the *stringp* against NULL too. I tried the patch attached and your test case works. CREATE ROLE r PASSWORD postgres-# 'SCRAM-SHA-256$4096:hpFyHTUsSWcR7O9P$LgZFIt6Oqdo27ZFKbZ2nV+=vtnYM995pDh9ca6WSi120qVV5NeluNfUPkwm7Vqat25RjSPLkGeoZBQs6wVv+um4='; CREATE ROLE best regards, Ranier Vilela
fix-core-dump-strsep-auth-scram.patch
Description: Binary data
