From 763d4df535cf81b4fc44f85596f6fb8c52edec6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Sat, 7 Feb 2026 13:08:18 +0100
Subject: [PATCH] chore: add scram.c.diff patch reference for security fix v3.0

Related to PR #5348 - This diff file documents the security fix for the strtok vulnerability in SCRAM authentication code.
---
 deps/libscram/scram.c.diff | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 deps/libscram/scram.c.diff

diff --git a/deps/libscram/scram.c.diff b/deps/libscram/scram.c.diff
new file mode 100644
index 000000000..f8ca80799
--- /dev/null
+++ b/deps/libscram/scram.c.diff
@@ -0,0 +1,24 @@
+--- /tmp/scram.c 2026-02-07 13:03:15
++++ src/scram.c 2026-02-07 13:04:12
+@@ -271,15 +271,16 @@
+ s = strdup(secret);
+ if (!s)
+ goto invalid_secret;
+- if ((scheme_str = strtok(s, "$")) == NULL)
++ char *saveptr;
++ if ((scheme_str = strtok_r(s, "$", &saveptr)) == NULL)
+ goto invalid_secret;
+- if ((iterations_str = strtok(NULL, ":")) == NULL)
++ if ((iterations_str = strtok_r(NULL, ":", &saveptr)) == NULL)
+ goto invalid_secret;
+- if ((salt_str = strtok(NULL, "$")) == NULL)
++ if ((salt_str = strtok_r(NULL, "$", &saveptr)) == NULL)
+ goto invalid_secret;
+- if ((storedkey_str = strtok(NULL, ":")) == NULL)
++ if ((storedkey_str = strtok_r(NULL, ":", &saveptr)) == NULL)
+ goto invalid_secret;
+- if ((serverkey_str = strtok(NULL, "")) == NULL)
++ if ((serverkey_str = strtok_r(NULL, "", &saveptr)) == NULL)
+ goto invalid_secret;
+
+ /* Parse the fields */
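Review bot: The stored patch's own header names `--- /tmp/scram.c` with a workstation timestamp, so the file records neither which scram.c revision it applies to nor the strip level it expects; the conventional `--- a/src/scram.c` / `+++ b/src/scram.c` pair, plus a one-line preamble above the header such as `Replace strtok() with strtok_r() in secret parsing (PR #5348): strtok keeps its position in static storage, so two threads parsing secrets concurrently could read each other's fields.`, would make the reference self-describing (patch ignores text before the first `---`). The security content of the inner hunk is sound as far as it is visible: every strtok() call becomes strtok_r() with a caller-owned `saveptr`, and the first call passes `s` so the uninitialized `saveptr` is never read; the enclosing function starts and ends outside the hunk. The `char *saveptr;` declaration sits after statements, which requires C99 or later — presumably fine for this build, but worth confirming against libscram's compiler flags. Note that strtok_r still treats consecutive delimiters as one, so an empty field in a stored secret would shift the remaining fields; that behaviour predates this change and is not introduced by it.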