Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-05-14 Thread Daniel Gustafsson
> On 14 May 2024, at 07:12, Michael Paquier wrote: > Hence, no objections to clean up that now. Thanks for asking. Thanks for verifying, I've pushed this now. -- Daniel Gustafsson

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-05-13 Thread Michael Paquier
On Mon, May 13, 2024 at 01:01:21PM +0300, Aleksander Alekseev wrote: >> Any objections to fixing this in 17 by removing it? (cc:ing Michael from the >> RMT) > > +1 Something that is not documented or used by anyone (apparently) and > is broken should just be removed. 8a02339e9ba3 sounds like an

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-05-13 Thread Aleksander Alekseev
Hi, > Searching the archives I was unable to find any complaints, and this has been > broken for the entire window of supported releases, so I propose we remove it > as per the attached patch. If anyone is keen on making this work again for > all > the types where it makes sense, it can be resur

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-05-13 Thread Daniel Gustafsson
> On 7 May 2024, at 06:46, Jingxian Li wrote: >> But, since it's been broken in all supported versions of postgres and has >> AFAICT never been documented to exist, should we fix it or just remove it? >> We >> don't support auth-options for any other methods, like clientcert to cert for >> exam

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-05-06 Thread Jingxian Li
Hi Daniel, Thank you for explaining the ins and outs of this problem. On 2024/4/30 17:14, Daniel Gustafsson wrote: >> On 30 Apr 2024, at 04:41, Jingxian Li wrote: > >> Attached is a patch that fixes bug when calling strncmp function, in >> which case the third argument (authmethod - strchr(authm

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-04-30 Thread Daniel Gustafsson
> On 30 Apr 2024, at 04:41, Jingxian Li wrote: > Attached is a patch that fixes bug when calling strncmp function, in > which case the third argument (authmethod - strchr(authmethod, ' ')) > may be negative, which is not as expected.. The calculation is indeed incorrect, but the lack of compla

Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-04-29 Thread Richard Guo
On Tue, Apr 30, 2024 at 10:41 AM Jingxian Li wrote: > Attached is a patch that fixes bug when calling strncmp function, in > which case the third argument (authmethod - strchr(authmethod, ' ')) > may be negative, which is not as expected.. Nice catch. I think you're right from a quick glance.

[PATCH] Fix bug when calling strncmp in check_authmethod_valid

2024-04-29 Thread Jingxian Li
Hi all, Attached is a patch that fixes bug when calling strncmp function, in which case the third argument (authmethod - strchr(authmethod, ' ')) may be negative, which is not as expected.. With Regards, Jingxian Li. v1-0001-Fix-bug-when-calling-strncmp-in-check_authmethod_valid.patch Desc