Abort authentication if the client selected an invalid SASL mechanism.

Previously, the server would log an error, but then try to continue with SCRAM-SHA-256 anyway. Michael Paquier Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com

Abort authentication if the client selected an invalid SASL mechanism.
Previously, the server would log an error, but then try to continue with SCRAM-SHA-256 anyway. Michael Paquier Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com
505b5d2f · Heikki Linnakangas · 073ce405 · 505b5d2f
Commit 505b5d2f authored May 25, 2017 by Heikki Linnakangas
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/backend/libpq/auth.c src/backend/libpq/auth.c +4 -0

No files found.
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -934,9 +934,13 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
 			 */
 			selected_mech = pq_getmsgrawstring(&buf);
 			if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0)
+			{
 				ereport(COMMERROR,
 						(errcode(ERRCODE_PROTOCOL_VIOLATION),
 						 errmsg("client selected an invalid SASL authentication mechanism")));
+				pfree(buf.data);
+				return STATUS_ERROR;
+			}

 			inputlen = pq_getmsgint(&buf, 4);
 			if (inputlen == -1)