Quick Links

Re: Non-compliant SASLprep implementation for ASCII characters

From:	Alexander Lakhin <exclusion(at)gmail(dot)com>
To:	Michael Paquier <michael(at)paquier(dot)xyz>
Cc:	John Naylor <johncnaylorls(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: Non-compliant SASLprep implementation for ASCII characters
Date:	2026-04-12 13:00:00
Message-ID:	7fb11a74-69c6-4f73-b505-0fac9783cc4c@gmail.com
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

12.04.2026 14:47, Michael Paquier wrote:
> On Sun, Apr 12, 2026 at 09:00:00AM +0300, Alexander Lakhin wrote:
>> That is, strlcpy() tries to evaluate strlen() for src, which contains only
>> one byte without null terminator.
> Thanks for the report. I don't know why skink is not complaining, but
> I do see the failure, and I am able to fix it with the attached. Does
> it work on your side?

Yes, it works. Thank you for paying attention to the issue!

Maybe it would make sense to find out why skink doesn't detect this (just
in case there are or will be similar defects hiding) before pushing the
fix...

Best regards,
Alexander

In response to

Re: Non-compliant SASLprep implementation for ASCII characters at 2026-04-12 11:47:10 from Michael Paquier

Responses

Re: Non-compliant SASLprep implementation for ASCII characters at 2026-04-13 00:12:32 from Michael Paquier

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	David Rowley	2026-04-12 13:17:02	Re: Small and unlikely overflow hazard in bms_next_member()
Previous Message	David Rowley	2026-04-12 12:33:04	Re: Small and unlikely overflow hazard in bms_next_member()