From 86ab28fbd19a6a0742a7f66e69a595b61eb13d00 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Wed, 22 Nov 2017 14:02:57 -0500
Subject: Check channel binding flag at end of SCRAM exchange

We need to check whether the channel-binding flag encoded in the
client-final-message is the same one sent in the client-first-message.

Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
---
 src/interfaces/libpq/fe-auth-scram.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/interfaces/libpq/fe-auth-scram.c')

diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 97db0b1faa8..5b783bc3136 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -437,6 +437,10 @@ build_client_final_message(fe_scram_state *state, PQExpBuffer errormessage)
 	/*
 	 * Construct client-final-message-without-proof.  We need to remember it
 	 * for verifying the server proof in the final step of authentication.
+	 *
+	 * The channel binding flag handling (p/y/n) must be consistent with
+	 * build_client_first_message(), because the server will check that it's
+	 * the same flag both times.
 	 */
 	if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
 	{
-- 
cgit v1.2.3