From 34fbfe1f57d84163fea4e234bf78d3b5fd5364b1 Mon Sep 17 00:00:00 2001
From: Richard Guo <rguo@postgresql.org>
Date: Wed, 26 Mar 2025 17:46:51 +0900
Subject: [PATCH] Fix integer-overflow problem in scram_SaltedPassword()

Setting the iteration count for SCRAM secret generation to INT_MAX
will cause an infinite loop in scram_SaltedPassword() due to integer
overflow, as the loop uses the "i <= iterations" comparison.  To fix,
use "i < iterations" instead.

Back-patch to v16 where the user-settable GUC scram_iterations has
been added.

Author: Kevin K Biju <kevinkbiju@gmail.com>
Reviewed-by: Richard Guo <guofenglinux@gmail.com>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
---
 src/common/scram-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/scram-common.c b/src/common/scram-common.c
index 51cc12e8c3e..c36ed7124c2 100644
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@@ -74,7 +74,7 @@ scram_SaltedPassword(const char *password,
 	memcpy(result, Ui_prev, key_length);
 
 	/* Subsequent iterations */
-	for (i = 2; i <= iterations; i++)
+	for (i = 1; i < iterations; i++)
 	{
 #ifndef FRONTEND
 		/*
-- 
2.39.5