Clean up error message reported after \password encryption failure.

tglsfdc · tglsfdc · commit ab27df2490e3 · 2022-01-11T12:03:06.000-05:00
Experimenting with FIPS mode enabled, I saw regression=# \password joe Enter new password for user "joe": Enter it again: could not encrypt password: disabled for FIPS out of memory because PQencryptPasswordConn was still of the opinion that "out of memory" is always appropriate to print. Minor oversight in b69aba7. Like that one, back-patch to v14.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -1265,6 +1265,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 	if (strcmp(algorithm, "scram-sha-256") == 0)
 	{
 		crypt_pwd = pg_fe_scram_build_secret(passwd);
+		/* We assume the only possible failure is OOM */
+		if (!crypt_pwd)
+			appendPQExpBufferStr(&conn->errorMessage,
+								 libpq_gettext("out of memory\n"));
 	}
 	else if (strcmp(algorithm, "md5") == 0)
 	{
@@ -1282,6 +1286,9 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 				crypt_pwd = NULL;
 			}
 		}
+		else
+			appendPQExpBufferStr(&conn->errorMessage,
+								 libpq_gettext("out of memory\n"));
 	}
 	else
 	{
@@ -1291,9 +1298,5 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		return NULL;
 	}
 
-	if (!crypt_pwd)
-		appendPQExpBufferStr(&conn->errorMessage,
-							 libpq_gettext("out of memory\n"));
-
 	return crypt_pwd;
 }

Original file line number	Diff line number	Diff line change
`@@ -1265,6 +1265,10 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1265`	`1265`	`if (strcmp(algorithm, "scram-sha-256") == 0)`
`1266`	`1266`	`{`
`1267`	`1267`	`crypt_pwd = pg_fe_scram_build_secret(passwd);`
	`1268`	`+ /* We assume the only possible failure is OOM */`
	`1269`	`+ if (!crypt_pwd)`
	`1270`	`+ appendPQExpBufferStr(&conn->errorMessage,`
	`1271`	`+ libpq_gettext("out of memory\n"));`
`1268`	`1272`	`}`
`1269`	`1273`	`else if (strcmp(algorithm, "md5") == 0)`
`1270`	`1274`	`{`
`@@ -1282,6 +1286,9 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1282`	`1286`	`crypt_pwd = NULL;`
`1283`	`1287`	`}`
`1284`	`1288`	`}`
	`1289`	`+ else`
	`1290`	`+ appendPQExpBufferStr(&conn->errorMessage,`
	`1291`	`+ libpq_gettext("out of memory\n"));`
`1285`	`1292`	`}`
`1286`	`1293`	`else`
`1287`	`1294`	`{`
`@@ -1291,9 +1298,5 @@ PQencryptPasswordConn(PGconn conn, const char passwd, const char *user,`
`1291`	`1298`	`return NULL;`
`1292`	`1299`	`}`
`1293`	`1300`
`1294`		`- if (!crypt_pwd)`
`1295`		`- appendPQExpBufferStr(&conn->errorMessage,`
`1296`		`- libpq_gettext("out of memory\n"));`
`1297`		`-`
`1298`	`1301`	`return crypt_pwd;`
`1299`	`1302`	`}`