From 9cb5518b7ff69ab3bbc422313c69d54696fe8472 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 11 Jan 2022 12:03:06 -0500 Subject: [PATCH] Clean up error message reported after \password encryption failure. Experimenting with FIPS mode enabled, I saw regression=# \password joe Enter new password for user "joe": Enter it again: could not encrypt password: disabled for FIPS out of memory because PQencryptPasswordConn was still of the opinion that "out of memory" is always appropriate to print. Minor oversight in b69aba745. Like that one, back-patch to v14. --- src/interfaces/libpq/fe-auth.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 2e6b2e8f04..82fc7cdb98 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -1290,6 +1290,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, if (strcmp(algorithm, "scram-sha-256") == 0) { crypt_pwd = pg_fe_scram_build_secret(passwd); + /* We assume the only possible failure is OOM */ + if (!crypt_pwd) + appendPQExpBufferStr(&conn->errorMessage, + libpq_gettext("out of memory\n")); } else if (strcmp(algorithm, "md5") == 0) { @@ -1307,6 +1311,9 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, crypt_pwd = NULL; } } + else + appendPQExpBufferStr(&conn->errorMessage, + libpq_gettext("out of memory\n")); } else { @@ -1316,9 +1323,5 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, return NULL; } - if (!crypt_pwd) - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("out of memory\n")); - return crypt_pwd; }