Error in 18.4 release notes

Started by PG Bug reporting form10 days ago2 messagesdocs

noreply@postgresql.org

10 days ago

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/18/release-18-4.html
Description:

The 18.4 release notes say this: "Use timing-safe string comparisons in
authentication code (Michael Paquier) Use timingsafe_bcmp() instead of
memcpy() or strcmp() when checking passwords, ..."

I think that should be memcmp() instead of memcpy().

Tom Lane

tgl@sss.pgh.pa.us

9 days ago

In reply to: PG Bug reporting form (#1)

Re: Error in 18.4 release notes

PG Doc comments form <noreply@postgresql.org> writes:

The 18.4 release notes say this: "Use timing-safe string comparisons in
authentication code (Michael Paquier) Use timingsafe_bcmp() instead of
memcpy() or strcmp() when checking passwords, ..."

I think that should be memcmp() instead of memcpy().

Sigh, you're right --- that's my thinko. Will fix in git for posterity's
sake, though the notes are already out and probably no-one will care
anymore by the time of the next release.

regards, tom lane