Abort authentication if the client selected an invalid SASL mechanism.

Previously, the server would log an error, but then try to continue with SCRAM-SHA-256 anyway. Michael Paquier Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com
author: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2017-05-25 08:50:47 -0400
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2017-05-25 08:50:47 -0400
commit: 505b5d2f8672f13c98dd744a6d421da14f59cd39 (patch)
tree: 5eb5c852cbe3762ff6cbaf57f3f9e1afbfe26a37 /src/backend/libpq/auth.c
parent: 073ce405d68355eed36a11b41e558232ecf18201 (diff)
download: postgresql-505b5d2f8672f13c98dd744a6d421da14f59cd39.tar.gz
postgresql-505b5d2f8672f13c98dd744a6d421da14f59cd39.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index c895ba0c326..5b68e3b7a16 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -934,9 +934,13 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
 			 */
 			selected_mech = pq_getmsgrawstring(&buf);
 			if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0)
+			{
 				ereport(COMMERROR,
 						(errcode(ERRCODE_PROTOCOL_VIOLATION),
 						 errmsg("client selected an invalid SASL authentication mechanism")));
+				pfree(buf.data);
+				return STATUS_ERROR;
+			}
 
 			inputlen = pq_getmsgint(&buf, 4);
 			if (inputlen == -1)
author	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2017-05-25 08:50:47 -0400
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2017-05-25 08:50:47 -0400
commit	505b5d2f8672f13c98dd744a6d421da14f59cd39 (patch)
tree	5eb5c852cbe3762ff6cbaf57f3f9e1afbfe26a37 /src/backend/libpq/auth.c
parent	073ce405d68355eed36a11b41e558232ecf18201 (diff)
download	postgresql-505b5d2f8672f13c98dd744a6d421da14f59cd39.tar.gz postgresql-505b5d2f8672f13c98dd744a6d421da14f59cd39.zip