postgresql/src
Heikki Linnakangas b282280e9b Add timingsafe_bcmp(), for constant-time memory comparison

timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.

This has been initially applied as of 09be391126 in v18 and newer
versions, and will be used in all the stable branches for an upcoming
fix.

Co-authored-by: Jelte Fennema-Nio <github-tech@jeltef.nl>
Discussion: https://www.postgresql.org/message-id/7b86da3b-9356-4e50-aa1b-56570825e234@iki.fi
Security: CVE-2026-6478
Backpatch-through: 14
2026-05-11 05:13:51 -07:00
backend Fix unbounded recursive handling of SSL/GSS in ProcessStartupPacket() 2026-05-11 05:13:51 -07:00
bin Translation updates 2026-05-11 13:23:46 +02:00
common Unify src/common/'s definitions of MaxAllocSize. 2026-05-11 05:13:51 -07:00
fe_utils In fmtIdEnc(), handle failure of enlargePQExpBuffer(). 2025-02-16 12:46:35 -05:00
include Add timingsafe_bcmp(), for constant-time memory comparison 2026-05-11 05:13:51 -07:00
interfaces Add pg_add_size_overflow() and friends 2026-05-11 05:13:51 -07:00
makefiles Add NO_INSTALL option to pgxs 2021-05-27 13:58:29 +02:00
pl Make plpgsql_trap test more robust and less resource-intensive. 2026-04-21 10:54:39 -04:00
port Add timingsafe_bcmp(), for constant-time memory comparison 2026-05-11 05:13:51 -07:00
template On NetBSD, force dynamic symbol resolution at postmaster start. 2022-08-30 17:29:03 -04:00
test Fix unbounded recursive handling of SSL/GSS in ProcessStartupPacket() 2026-05-11 05:13:51 -07:00
timezone Update time zone data files to tzdata release 2026b. 2026-04-24 12:28:35 -04:00
tools Add timingsafe_bcmp(), for constant-time memory comparison 2026-05-11 05:13:51 -07:00
tutorial Doc: sync src/tutorial/basics.source with SGML documentation. 2022-11-19 13:09:14 -05:00
.gitignore
DEVELOPERS
Makefile Remove the option to build thread_test.c outside configure. 2020-10-21 12:08:48 -04:00
Makefile.global.in Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:41 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
nls-global.mk Fix update-po for the PGXS case 2025-10-16 20:21:05 +02:00