error processing for RAND_bytes, style issue

2024-12-12 17:32:32 +00:00 · 2022-04-21 13:07:44 -04:00 · 2022-04-21 13:07:44 -04:00 · f966d69791
commit f966d69791
parent 2f38e7bc5c
2 changed files with 11 additions and 2 deletions
--- a/src/Access/Common/AuthenticationData.cpp
+++ b/src/Access/Common/AuthenticationData.cpp
@ -210,7 +210,7 @@ void AuthenticationData::setPasswordHashBinary(const Digest & hash)
    throw Exception("setPasswordHashBinary(): authentication type " + toString(type) + " not supported", ErrorCodes::NOT_IMPLEMENTED);
 }

-void AuthenticationData::setSalt(String  salt_)
+void AuthenticationData::setSalt(String salt_)
 {
    if (type != AuthenticationType::SHA256_PASSWORD)
        throw Exception("setSalt(): authentication type " + toString(type) + " not supported", ErrorCodes::NOT_IMPLEMENTED);
--- a/src/Parsers/Access/ParserCreateUserQuery.cpp
+++ b/src/Parsers/Access/ParserCreateUserQuery.cpp
@ -21,10 +21,17 @@
 #if USE_SSL
 #     include <openssl/crypto.h>
 #     include <openssl/rand.h>
+#     include <openssl/err.h>
 #endif

 namespace DB
 {
+
+namespace ErrorCodes
+{
+    extern const int OPENSSL_ERROR;
+}
+
 namespace
 {
    bool parseRenameTo(IParserBase::Pos & pos, Expected & expected, String & new_name)
@ -166,7 +173,9 @@ namespace
                    ///generate and add salt here
                    ///random generator FIPS complaint
                    uint8_t key[32];
-                    RAND_bytes(key, sizeof(key));
+                    if (RAND_bytes(key, sizeof(key)) != 1)
+                        throw Exception(ErrorCodes::OPENSSL_ERROR, "Cannot generate salt for password. OpenSSL error code: {}", ERR_get_error());
+
                    String salt;
                    salt.resize(sizeof(key) * 2);
                    char * buf_pos = salt.data();