Fix crash from scram-sha-256 authentication for PostgreSQL engines #25906

kssenii · 2021-07-01T21:11:40Z

I hereby agree to the terms of the CLA available at: https://yandex.ru/legal/cla/?lang=en

Changelog category (leave one):

Bug Fix

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Fixed scram-sha-256 authentication for PostgreSQL engines. Closes #24516.

kssenii · 2021-07-03T06:39:25Z

ClickHouse special build check — 5/6 builds are OK - Failure not related:

2021-07-02 20:56:12 /build/obj-x86_64-linux-gnu/../src/Functions/initializeAggregation.cpp:33:5: error: single-argument constructors must be marked explicit to avoid unintentional implicit conversions [google-explicit-constructor,-warnings-as-errors]
2021-07-02 20:56:12     FunctionInitializeAggregation(ContextPtr context_) : WithContext(context_) {}
2021-07-02 20:56:12     ^
2021-07-02 20:56:12     explicit

Also
Without this changes with scram-sha-256 auth I get crash with:

2021.07.03 06:33:55.273418 [ 2248357 ] {0473721a-30ac-4d35-8558-ae1abe2ba30e} <Trace> PostgreSQLDictionarySource: SELECT "id", "val" FROM "postgresql_table";                                                      
=================================================================                                                                                                                                                  
==2248167==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f647aca8c28 at pc 0x00000b3481bc bp 0x7f647aca8b70 sp 0x7f647aca8338                                                                       
WRITE of size 76 at 0x7f647aca8c28 thread T190                                                                                                                                                                     
    #0 0xb3481bb in __asan_memset (/home/kssenii/ClickHouse/build-asan/programs/clickhouse+0xb3481bb)                                                                                                              
    #1 0x2f2db7d8 in OPENSSL_memset /home/kssenii/ClickHouse/build-asan/../contrib/boringssl/crypto/fipsmodule/self_check/../tls/../../internal.h:811:10                                                           
    #2 0x2f2db7d8 in SHA256_Init /home/kssenii/ClickHouse/build-asan/../contrib/boringssl/crypto/fipsmodule/sha/sha256.c:82:3                                                                                      
    #3 0x2f093db5 in scram_H /home/kssenii/ClickHouse/build-asan/../contrib/libpq/common/scram-common.c:154:5                                                                                                      
    #4 0x2f05a7cc in calculate_client_proof /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-auth-scram.c:769:2                                                                                             
    #5 0x2f05a7cc in build_client_final_message /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-auth-scram.c:547:2                                                                                         
    #6 0x2f05a7cc in pg_fe_scram_exchange /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-auth-scram.c:241:14                                                                                              
    #7 0x2f057e16 in pg_SASL_continue /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-auth.c:649:2                                                                                                         
    #8 0x2f057e16 in pg_fe_sendauth /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-auth.c:1040:8                                                                                                          
    #9 0x2f06489f in PQconnectPoll /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-connect.c:3446:11                                                                                                       
    #10 0x2f05cb5d in connectDBComplete /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-connect.c:2188:10                                                                                                  
    #11 0x2f05d096 in PQconnectdb /home/kssenii/ClickHouse/build-asan/../contrib/libpq/fe-connect.c:708:10

After this changes it works as it should.

Update libpq

012f67e

robot-clickhouse added the pr-bugfix Pull request with bugfix, not backported by default label Jul 1, 2021

robot-ch-test-poll3 added the submodule changed At least one submodule changed in this PR. label Jul 1, 2021

Update libpq

23dd754

kssenii self-assigned this Jul 3, 2021

kssenii merged commit edce778 into ClickHouse:master Jul 3, 2021

kssenii mentioned this pull request Jul 9, 2021

Crash when ENGINE = PostgreSQL #26125

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix crash from scram-sha-256 authentication for PostgreSQL engines #25906

Fix crash from scram-sha-256 authentication for PostgreSQL engines #25906

kssenii commented Jul 1, 2021

kssenii commented Jul 3, 2021 •

edited

Loading

Fix crash from scram-sha-256 authentication for PostgreSQL engines #25906

Fix crash from scram-sha-256 authentication for PostgreSQL engines #25906

Conversation

kssenii commented Jul 1, 2021

kssenii commented Jul 3, 2021 • edited Loading

kssenii commented Jul 3, 2021 •

edited

Loading