--- \dll\postgresql-12.0\a\backend\libpq\auth.c	Mon Sep 30 17:06:55 2019
+++ auth.c	Fri Nov 08 14:27:17 2019
@@ -1815,6 +1815,7 @@
 	char		ident_user[IDENT_USERNAME_MAX + 1];
 	pgsocket	sock_fd = PGINVALID_SOCKET; /* for talking to Ident server */
 	int			rc;				/* Return code from a locally called function */
+	int			ident_query_len;
 	bool		ident_return;
 	char		remote_addr_s[NI_MAXHOST];
 	char		remote_port[NI_MAXSERV];
@@ -1913,7 +1914,7 @@
 	}
 
 	/* The query we send to the Ident server */
-	snprintf(ident_query, sizeof(ident_query), "%s,%s\r\n",
+	ident_query_len = snprintf(ident_query, sizeof(ident_query), "%s,%s\r\n",
 			 remote_port, local_port);
 
 	/* loop in case send is interrupted */
@@ -1921,7 +1922,7 @@
 	{
 		CHECK_FOR_INTERRUPTS();
 
-		rc = send(sock_fd, ident_query, strlen(ident_query), 0);
+		rc = send(sock_fd, ident_query, ident_query_len, 0);
 	} while (rc < 0 && errno == EINTR);
 
 	if (rc < 0)
@@ -3053,6 +3054,8 @@
 	char	   *receive_buffer = (char *) &radius_recv_pack;
 	int32		service = pg_hton32(RADIUS_AUTHENTICATE_ONLY);
 	uint8	   *cryptvector;
+	int			secretlen;
+	int			passwdlen;
 	int			encryptedpasswordlen;
 	uint8		encryptedpassword[RADIUS_MAX_PASSWORD_LENGTH];
 	uint8	   *md5trailer;
@@ -3125,10 +3128,12 @@
 	memcpy(cryptvector, secret, strlen(secret));
 
 	/* for the first iteration, we use the Request Authenticator vector */
+    secretlen = strlen(secret);
+    passwdlen = strlen(passwd);
 	md5trailer = packet->vector;
 	for (i = 0; i < encryptedpasswordlen; i += RADIUS_VECTOR_LENGTH)
 	{
-		memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
+		memcpy(cryptvector + secretlen, md5trailer, RADIUS_VECTOR_LENGTH);
 
 		/*
 		 * .. and for subsequent iterations the result of the previous XOR
@@ -3136,7 +3141,7 @@
 		 */
 		md5trailer = encryptedpassword + i;
 
-		if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
+		if (!pg_md5_binary(cryptvector, secretlen + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
 		{
 			ereport(LOG,
 					(errmsg("could not perform MD5 encryption of password")));
@@ -3147,7 +3152,7 @@
 
 		for (j = i; j < i + RADIUS_VECTOR_LENGTH; j++)
 		{
-			if (j < strlen(passwd))
+			if (j < passwdlen)
 				encryptedpassword[j] = passwd[j] ^ encryptedpassword[j];
 			else
 				encryptedpassword[j] = '\0' ^ encryptedpassword[j];
@@ -3329,7 +3334,7 @@
 		 * Verify the response authenticator, which is calculated as
 		 * MD5(Code+ID+Length+RequestAuthenticator+Attributes+Secret)
 		 */
-		cryptvector = palloc(packetlength + strlen(secret));
+		cryptvector = palloc(packetlength + secretlen);
 
 		memcpy(cryptvector, receivepacket, 4);	/* code+id+length */
 		memcpy(cryptvector + 4, packet->vector, RADIUS_VECTOR_LENGTH);	/* request
@@ -3338,10 +3343,10 @@
 		if (packetlength > RADIUS_HEADER_LENGTH)	/* there may be no
 													 * attributes at all */
 			memcpy(cryptvector + RADIUS_HEADER_LENGTH, receive_buffer + RADIUS_HEADER_LENGTH, packetlength - RADIUS_HEADER_LENGTH);
-		memcpy(cryptvector + packetlength, secret, strlen(secret));
+		memcpy(cryptvector + packetlength, secret, secretlen);
 
 		if (!pg_md5_binary(cryptvector,
-						   packetlength + strlen(secret),
+						   packetlength + secretlen,
 						   encryptedpassword))
 		{
 			ereport(LOG,