Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SCRAM authentication #1

Open
pmwkaa opened this issue May 30, 2018 · 3 comments
Open

Support SCRAM authentication #1

pmwkaa opened this issue May 30, 2018 · 3 comments
Labels
enhancement New feature or request

Comments

@pmwkaa
Copy link
Contributor

pmwkaa commented May 30, 2018

No description provided.

@pmwkaa pmwkaa added the enhancement New feature or request label May 30, 2018
@davidfetter
Copy link

Also (paradoxically) channel binding, both inbound from apps and outbound to the DB.

@shaaza shaaza mentioned this issue Apr 6, 2019
Closed
@sxnazirov sxnazirov mentioned this issue Nov 21, 2019
Open
@qiuwenhuifx qiuwenhuifx mentioned this issue Dec 3, 2019
Open
@x4m
Copy link
Collaborator

x4m commented Dec 11, 2019
edited
Loading

Yes, we have SCRAM, but do not have channel binding yet...

@x4m x4m mentioned this issue Mar 20, 2020
Merged
@x4m x4m mentioned this issue Apr 8, 2020
Open
@g0djan g0djan mentioned this issue Apr 15, 2020
Merged
This was referenced Mar 12, 2022
Closed
Closed
@skilyazhnev skilyazhnev mentioned this issue Mar 3, 2023
Open
chipitsine added a commit to chipitsine/odyssey that referenced this issue Feb 23, 2024
@chipitsine
sources/auth_query.c: improve cleanup on error path
f5f0c47 
found by Coverity

288error:
289        /* unlock hashmap entry */
290        od_hashmap_unlock_key(storage->acache, keyhash, &key);

CID 486482: (yandex#1 of 1): Missing unlock (LOCK)
8. missing_unlock: Returning without unlocking router->lock.
291        return NOT_OK_RESPONSE;
@chipitsine chipitsine mentioned this issue Feb 23, 2024
Closed
chipitsine added a commit to chipitsine/odyssey that referenced this issue Feb 24, 2024
@chipitsine
sources/auth_query.c: improve cleanup on error path
7981c53 
found by Coverity

288error:
289        /* unlock hashmap entry */
290        od_hashmap_unlock_key(storage->acache, keyhash, &key);

CID 486482: (yandex#1 of 1): Missing unlock (LOCK)
8. missing_unlock: Returning without unlocking router->lock.
291        return NOT_OK_RESPONSE;
chipitsine added a commit to chipitsine/odyssey that referenced this issue Jun 4, 2024
@chipitsine
sources/config_reader.c: fix potential null pointer deref
c318de8 
1920        rule->user_name = strdup(route_usr);
      	deref_ptr_in_call: Dereferencing pointer rule->user_name.
1921        rule->user_name_len = strlen(rule->user_name);

CID 493651: (yandex#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking rule->user_name suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
chipitsine added a commit to chipitsine/odyssey that referenced this issue Jun 4, 2024
@chipitsine
sources/config_reader.c: fix potential null deref
ddae407 
      	deref_ptr_in_call: Dereferencing pointer rule->db_name.
1927        rule->db_name_len = strlen(rule->db_name);

CID 493650: (yandex#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking rule->db_name suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
chipitsine added a commit to chipitsine/odyssey that referenced this issue Jun 7, 2024
@chipitsine
sources/frontend.c: fix potential overflow
f5dbab5 
found by coverity

CID 486268: (yandex#1 of 1): Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression timeout * 1000U with type unsigned int (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type int64_t (64 bits, signed).
      	To avoid overflow, cast either timeout or 1000U to type int64_t rather than casting the result of the potential overflow.
1428                    (int64_t)(timeout * 1000 /
chipitsine added a commit to chipitsine/odyssey that referenced this issue Jun 10, 2024
@chipitsine
sources/hba.c: fix memory overrun
9824ba1 
found by coverity

CID 477241: (yandex#1 of 1): Out-of-bounds access (OVERRUN)
1. overrun-buffer-arg: Overrunning buffer pointed to by &rules of 8 bytes by passing it to a function which accesses it at byte offset 15 using argument 16UL.
 37        memcpy(&hba->rules, &rules, sizeof(hba->rules));
@chipitsine chipitsine mentioned this issue Jun 10, 2024
Merged
x4m pushed a commit that referenced this issue Jun 11, 2024
@chipitsine
sources/hba.c: fix memory overrun (#618)
f899d63 
found by coverity

CID 477241: (#1 of 1): Out-of-bounds access (OVERRUN)
1. overrun-buffer-arg: Overrunning buffer pointed to by &rules of 8 bytes by passing it to a function which accesses it at byte offset 15 using argument 16UL.
 37        memcpy(&hba->rules, &rules, sizeof(hba->rules));
chipitsine added a commit to chipitsine/odyssey that referenced this issue Jun 12, 2024
@chipitsine
sources/logger.c: initialize empty_va_list
b15d9e4 
found by coverity

     	10. var_decl: Declaring variable empty_va_list without initializer.
545        va_list empty_va_list;

CID 477250: (yandex#1 of 1): Uninitialized pointer read (UNINIT)
11. uninit_use_in_call: Using uninitialized value empty_va_list when calling od_logger_format.["show details"]
chipitsine added a commit to chipitsine/odyssey that referenced this issue Aug 18, 2024
@chipitsine
sources/ldap.c: fix UAF found by coverity
6171d74 
527        while (retry_cnt--) {

CID 508598: (yandex#1 of 1): Use after free (USE_AFTER_FREE)
13. deref_arg: Calling od_ldap_server_auth dereferences freed pointer serv.[show details]
528                ldap_rc = od_ldap_server_auth(serv, cl, tok);
529
530                od_ldap_endpoint_lock(cl->rule->ldap_endpoint);

Signed-off-by: Ilia Shipitsin <chipitsine@gmail.com>
@chipitsine chipitsine mentioned this issue Aug 18, 2024
Closed
rkhapov pushed a commit that referenced this issue Jan 13, 2025
@chipitsine
sources/logger.c: initialize empty_va_list (#619)
3f57e6c 
* sources/logger.c: initialize empty_va_list

found by coverity

     	10. var_decl: Declaring variable empty_va_list without initializer.
545        va_list empty_va_list;

CID 477250: (#1 of 1): Uninitialized pointer read (UNINIT)
11. uninit_use_in_call: Using uninitialized value empty_va_list when calling od_logger_format.["show details"]

* ok, clang-format
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davidfetter @pmwkaa @x4m and others