Re: Incorrect allocation handling for cryptohash functions with OpenSSL

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Incorrect allocation handling for cryptohash functions with OpenSSL
Date: 2021-01-08 02:29:53
Message-ID: X/
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Thu, Jan 07, 2021 at 09:51:00AM +0200, Heikki Linnakangas wrote:
> Hmm. Perhaps it would be best to change all the errors in mock
> authentication to COMMERROR. It'd be nice to have an accurate error message
> in the log, but no need to send it to the client.

Yeah, we could do that. Still, this mode still requires a hard
failure because COMMERROR is just a log, and if only COMMERROR is done
we still expect a salt to be generated to send a challenge back to the
client, which would require a fallback for the salt if the one
generated from the mock nonce cannot. Need to think more about that.

>> Using separate fields looked cleaner to me if it came to debugging,
>> and the cleanup was rather minimal except if we use more switch/case
>> to set up the various variables. What about something like the
>> attached?
> +1

Thanks, I have committed this part.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Justin Pryzby 2021-01-08 02:35:37 Re: PoC/WIP: Extended statistics on expressions
Previous Message Kyotaro Horiguchi 2021-01-08 02:17:12 Re: Add Information during standby recovery conflicts