Commit 505b5d2

Abort authentication if the client selected an invalid SASL mechanism.
Previously, the server would log an error, but then try to continue with SCRAM-SHA-256 anyway.

Michael Paquier

Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com
1 parent 073ce40 commit 505b5d2

1 file changed

+4
-0
lines changed

src/backend/libpq/auth.c

@@ -934,9 +934,13 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
934934
*/
935935
selected_mech = pq_getmsgrawstring(&buf);
936936
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0)
937+
{
937938
ereport(COMMERROR,
938939
(errcode(ERRCODE_PROTOCOL_VIOLATION),
939940
errmsg("client selected an invalid SASL authentication mechanism")));
941+
pfree(buf.data);
942+
return STATUS_ERROR;
943+
}
940944

941945
inputlen = pq_getmsgint(&buf, 4);
942946
if (inputlen == -1)
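Review bot: The new braced block after the `strcmp(selected_mech, SCRAM_SHA256_NAME)` check has no comment saying why the explicit `return STATUS_ERROR;` is needed. `ereport(COMMERROR, ...)` only logs and returns to the caller, which is how the code used to fall through to `inputlen = pq_getmsgint(&buf, 4);` with a mechanism it had just rejected. A one-line comment above the return (for example, that COMMERROR does not exit and the exchange must stop here) would keep a later cleanup from dropping it. Also worth noting in that comment: `selected_mech` points into `buf`, so it must not be referenced after `pfree(buf.data);`, which matters if someone later wants to add the rejected name to the log message.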
