Bug 785394

Summary: psql truncates long passwords
Product: [Fedora] Fedora
Component: postgresql
Version: 16
Status: CLOSED UPSTREAM
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Andy Grimm <agrimm>
Assignee: Tom Lane <tgl>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: devrim, hhorak, jgoulding, tgl
Doc Type: Bug Fix
Last Closed: 2012-01-28 18:07:12 UTC
Attachments: Patch to introduce PASSWDLEN constant (flags: none)

Description Andy Grimm 2012-01-28 16:03:32 UTC
Created attachment 558061
Patch to introduce PASSWDLEN constant

Description of problem:
psql has a hard-coded password length limit of 100 characters, while the server side (and other client tools, such as postgresql-jdbc or PyGreSQL) support much longer passwords.

Version-Release number of selected component (if applicable):
This code is present in all 9.x releases, and 8.x had similar code.

How reproducible:
Always

Steps to Reproduce:
1. Create a password file containing a string longer than 100 (but less than 1024) characters
2. Run: initdb -D /tmp/pg --auth=password --pwfile=pwfile
3. Run: pg_ctl -D /tmp/pg -l /tmp/logfile start
4. Run: psql postgres
5. When prompted, paste the contents of pwfile as your password.
6. Alternatively, create a .pgpass file with contents like localhost:*:*:*:your_really_long_password and run "psql postgres"

Actual results:
psql: FATAL:  password authentication failed for user "yourUserName"

Expected results:
A successful login

Additional info:
initdb's pwfile option inexplicably uses MAXPGPATH as the password length limit.  The value of this constant, 1024, is a sensible limit, but path length and password length have nothing to do with one another.

I'm attaching a patch which defines a PASSWDLEN constant and uses it both in setting the password and reading it from the prompt or pgpass.  I have tested this on Fedora 16.

I've also filed a bug with the upstream project:
http://archives.postgresql.org/pgsql-bugs/2012-01/msg00212.php

I have not yet submitted the patch to them, though.
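
A simplified model of the mismatch reported above, added here as an example; it is not psql's code and not the attached patch. `read_secret`, `login_matches`, `make_password` and `OLD_CLIENT_LIMIT` are hypothetical names, and the value 1024 for `PASSWDLEN` is an assumption taken from the MAXPGPATH value the report mentions. It shows a 150-character password failing to match after a 100-character client-side read, and a bounded read that reports truncation instead of hiding it.

```c
#include <stdio.h>
#include <string.h>

#define OLD_CLIENT_LIMIT 100  /* client-side limit described in the report */
#define PASSWDLEN 1024        /* assumed value; the report calls 1024 sensible */

/* Hypothetical model of a bounded read: keep at most maxlen characters of one
 * input line. Returns 0 if the whole line fit, -1 if it was cut short. */
static int read_secret(const char *line, size_t maxlen, char *out, size_t outsz)
{
    size_t n = strcspn(line, "\r\n");            /* ignore the line terminator */
    size_t cap = maxlen < outsz - 1 ? maxlen : outsz - 1;
    size_t keep = n < cap ? n : cap;

    memcpy(out, line, keep);
    out[keep] = '\0';
    return n > cap ? -1 : 0;
}

/* 1 if the client's (possibly truncated) copy equals the stored password. */
static int login_matches(const char *stored, const char *typed, size_t limit)
{
    char buf[PASSWDLEN + 1];

    read_secret(typed, limit, buf, sizeof buf);  /* models silent truncation */
    return strcmp(stored, buf) == 0;
}

/* Constructed sample password of len characters (len <= PASSWDLEN). */
static void make_password(char *dst, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = (char)('a' + i % 26);
    dst[len] = '\0';
}

int main(void)
{
    char pw[PASSWDLEN + 1], out[PASSWDLEN + 1];

    make_password(pw, 150);   /* longer than 100, shorter than 1024 */
    printf("limit 100:  %s\n", login_matches(pw, pw, OLD_CLIENT_LIMIT) ? "ok" : "auth failed");
    printf("limit 1024: %s\n", login_matches(pw, pw, PASSWDLEN) ? "ok" : "auth failed");
    if (read_secret(pw, OLD_CLIENT_LIMIT, out, sizeof out) != 0)
        printf("input exceeds %d characters; not sending a truncated password\n", OLD_CLIENT_LIMIT);
    return 0;
}
```
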

Comment 1 Tom Lane 2012-01-28 18:07:12 UTC
Upstream is the proper place to address this --- I can't conceive of it being worth the trouble for Fedora to carry a private patch for this.