aboutsummaryrefslogtreecommitdiff
path: root/src/interfaces/libpq/fe-auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/interfaces/libpq/fe-auth.c')
-rw-r--r--src/interfaces/libpq/fe-auth.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index eaba0ba56d7..3421ed4685b 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -674,7 +674,22 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
return STATUS_ERROR;
}
- if (outputlen != 0)
+ /*
+ * If the exchange is not completed yet, we need to make sure that the
+ * SASL mechanism has generated a message to send back.
+ */
+ if (output == NULL && !done)
+ {
+ appendPQExpBufferStr(&conn->errorMessage,
+ libpq_gettext("no client response found after SASL exchange success\n"));
+ return STATUS_ERROR;
+ }
+
+ /*
+ * SASL allows zero-length responses, so this check uses "output" and not
+ * "outputlen" to allow the case of an empty message.
+ */
+ if (output)
{
/*
* Send the SASL response to the server.
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-21 15:45:04 +0000