From d79007a80b30a1fad78ca97c0a014846cb0a7ccf Mon Sep 17 00:00:00 2001 From: Nathan Bossart Date: Fri, 12 Oct 2018 17:30:08 +0000 Subject: [PATCH v1 3/3] Increase the accepted length of password messages to 8192. --- doc/src/sgml/client-auth.sgml | 10 +++++----- doc/src/sgml/libpq.sgml | 2 +- doc/src/sgml/ref/clusterdb.sgml | 2 +- doc/src/sgml/ref/createdb.sgml | 2 +- doc/src/sgml/ref/createuser.sgml | 2 +- doc/src/sgml/ref/dropdb.sgml | 2 +- doc/src/sgml/ref/dropuser.sgml | 2 +- doc/src/sgml/ref/pg_basebackup.sgml | 2 +- doc/src/sgml/ref/pg_dump.sgml | 2 +- doc/src/sgml/ref/pg_dumpall.sgml | 2 +- doc/src/sgml/ref/pg_receivewal.sgml | 2 +- doc/src/sgml/ref/pg_recvlogical.sgml | 2 +- doc/src/sgml/ref/pg_restore.sgml | 2 +- doc/src/sgml/ref/psql-ref.sgml | 2 +- doc/src/sgml/ref/reindexdb.sgml | 2 +- doc/src/sgml/ref/vacuumdb.sgml | 2 +- src/backend/libpq/auth.c | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 1ce581ae0a..96d4926155 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1007,7 +1007,7 @@ omicron bryanh guest1 Furthermore, it should be noted that the server restricts password messages - to an effective limit of 995 characters. While this is enough for the + to an effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via the method password. @@ -1512,7 +1512,7 @@ omicron bryanh guest1 file () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an effective limit - of 995 characters, which presents an upper bound to the length of passwords + of 8187 characters, which presents an upper bound to the length of passwords that will work with LDAP authentication. @@ -1810,7 +1810,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse file () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an effective limit - of 995 characters, which presents an upper bound to the length of passwords + of 8187 characters, which presents an upper bound to the length of passwords that will work with RADIUS authentication. @@ -1953,7 +1953,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse file () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an effective limit - of 995 characters, which presents an upper bound to the length of passwords + of 8187 characters, which presents an upper bound to the length of passwords that will work with PAM authentication. @@ -2031,7 +2031,7 @@ host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapse file () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an effective limit - of 995 characters, which presents an upper bound to the length of passwords + of 8187 characters, which presents an upper bound to the length of passwords that will work with BSD authentication. diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 28d5c0e57c..a696a45dbc 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1104,7 +1104,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname - The server restricts password messages to an effective limit of 995 + The server restricts password messages to an effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in diff --git a/doc/src/sgml/ref/clusterdb.sgml b/doc/src/sgml/ref/clusterdb.sgml index 6b41910e8c..d0eb3066d7 100644 --- a/doc/src/sgml/ref/clusterdb.sgml +++ b/doc/src/sgml/ref/clusterdb.sgml @@ -248,7 +248,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/createdb.sgml b/doc/src/sgml/ref/createdb.sgml index dc995bb295..b25f0562b4 100644 --- a/doc/src/sgml/ref/createdb.sgml +++ b/doc/src/sgml/ref/createdb.sgml @@ -283,7 +283,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml index e1db7f96e6..9516eda553 100644 --- a/doc/src/sgml/ref/createuser.sgml +++ b/doc/src/sgml/ref/createuser.sgml @@ -392,7 +392,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/dropdb.sgml b/doc/src/sgml/ref/dropdb.sgml index 5e96079d0d..acda233446 100644 --- a/doc/src/sgml/ref/dropdb.sgml +++ b/doc/src/sgml/ref/dropdb.sgml @@ -203,7 +203,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/dropuser.sgml b/doc/src/sgml/ref/dropuser.sgml index 8904f68119..0fe5cb86fe 100644 --- a/doc/src/sgml/ref/dropuser.sgml +++ b/doc/src/sgml/ref/dropuser.sgml @@ -207,7 +207,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index d97a859b53..e1f78bb888 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -650,7 +650,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml index 96b16824a8..94a1539963 100644 --- a/doc/src/sgml/ref/pg_dump.sgml +++ b/doc/src/sgml/ref/pg_dump.sgml @@ -1181,7 +1181,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_dumpall.sgml b/doc/src/sgml/ref/pg_dumpall.sgml index b8c489ef55..b913c0b275 100644 --- a/doc/src/sgml/ref/pg_dumpall.sgml +++ b/doc/src/sgml/ref/pg_dumpall.sgml @@ -632,7 +632,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml index 55c3580f04..e54a44defa 100644 --- a/doc/src/sgml/ref/pg_receivewal.sgml +++ b/doc/src/sgml/ref/pg_receivewal.sgml @@ -334,7 +334,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_recvlogical.sgml b/doc/src/sgml/ref/pg_recvlogical.sgml index d052db8fa8..ae56dad276 100644 --- a/doc/src/sgml/ref/pg_recvlogical.sgml +++ b/doc/src/sgml/ref/pg_recvlogical.sgml @@ -365,7 +365,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml index 726d53eba0..93f1fa2848 100644 --- a/doc/src/sgml/ref/pg_restore.sgml +++ b/doc/src/sgml/ref/pg_restore.sgml @@ -790,7 +790,7 @@ () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml index c49e925cc5..0dea31fb87 100644 --- a/doc/src/sgml/ref/psql-ref.sgml +++ b/doc/src/sgml/ref/psql-ref.sgml @@ -535,7 +535,7 @@ EOF () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/reindexdb.sgml b/doc/src/sgml/ref/reindexdb.sgml index ddc1b7cd56..84f2eed62a 100644 --- a/doc/src/sgml/ref/reindexdb.sgml +++ b/doc/src/sgml/ref/reindexdb.sgml @@ -316,7 +316,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/doc/src/sgml/ref/vacuumdb.sgml b/doc/src/sgml/ref/vacuumdb.sgml index ca7ff34816..e0eff1abeb 100644 --- a/doc/src/sgml/ref/vacuumdb.sgml +++ b/doc/src/sgml/ref/vacuumdb.sgml @@ -341,7 +341,7 @@ PostgreSQL documentation () and the PGPASSWORD environment variable (). However, it should be noted that the server restricts password messages to an - effective limit of 995 characters. While this is enough for the + effective limit of 8187 characters. While this is enough for the scram-sha-256 and md5 authentication methods, it may not be enough for passwords sent in clear-text via methods such as password. See diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 8517565535..02d77841d1 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -679,7 +679,7 @@ recv_password_packet(Port *port) } initStringInfo(&buf); - if (pq_getmessage(&buf, 1000)) /* receive password */ + if (pq_getmessage(&buf, 8192)) /* receive password */ { /* EOF - pq_getmessage already logged a suitable message */ pfree(buf.data); -- 2.16.2