NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.7k

Commit969ab9d

committed

Follow-up fixes for SHA-2 patch (commit749a9e2).

This changes the check for valid characters in the salt string toonly allow plain ASCII letters and digits. The previous coding waslocale-dependent which doesn't really seem like a great idea here;moreover it could not work correctly in multibyte encodings.This fixes a careless pointer-use-after-pfree, too.Reported-by: Tom Lane <tgl@sss.pgh.pa.us>Reported-by: Andres Freund <andres@anarazel.de>Author: Bernd Helmle <mailings@oopsware.de>Discussion:https://postgr.es/m/6fab35422df6b6b9727fdcc243c5fa1c667dd3b5.camel@oopsware.de

1 parentb73e6d7 commit969ab9dCopy full SHA for 969ab9d

File tree

1 file changed

-5

lines changed

contrib/pgcrypto
- crypt-sha.c

1 file changed

-5

lines changed

`‎contrib/pgcrypto/crypt-sha.c`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@`
`46`	`46`	`#include"postgres.h"`
`47`	`47`
`48`	`48`	`#include"common/string.h"`
	`49`	`+#include"mb/pg_wchar.h"`
`49`	`50`	`#include"miscadmin.h"`
`50`	`51`
`51`	`52`	`#include"px-crypt.h"`
`@@ -58,7 +59,7 @@ typedef enum`
`58`	`59`	`PGCRYPTO_SHA_UNKOWN`
`59`	`60`	`}PGCRYPTO_SHA_t;`
`60`	`61`
`61`		`-staticunsignedchar_crypt_itoa64[64+1]=`
	`62`	`+staticconstchar_crypt_itoa64[64+1]=`
`62`	`63`	`"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";`
`63`	`64`
`64`	`65`	`/*`
`@@ -321,10 +322,13 @@ px_crypt_shacrypt(const char pw, const char salt, char *passwd, unsigned dstle`
`321`	`322`
`322`	`323`	`if (*ep!='$')`
`323`	`324`	`{`
`324`		`-if (isalpha(ep)\|\|isdigit(ep)\|\| (ep=='.')\|\| (ep=='/'))`
	`325`	`+if (strchr(_crypt_itoa64,*ep)!=NULL)`
`325`	`326`	`appendStringInfoCharMacro(decoded_salt,*ep);`
`326`	`327`	`else`
`327`		`-elog(ERROR,"invalid character in salt string: \"%c\"",*ep);`
	`328`	`+ereport(ERROR,`
	`329`	`+errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`330`	`+errmsg("invalid character in salt string: \"%.*s\"",`
	`331`	`+pg_mblen(ep),ep));`
`328`	`332`	`}`
`329`	`333`	`else`
`330`	`334`	`{`
`@@ -602,8 +606,6 @@ px_crypt_shacrypt(const char pw, const char salt, char *passwd, unsigned dstle`
`602`	`606`	`elog(ERROR,"unsupported digest length");`
`603`	`607`	`}`
`604`	`608`
`605`		`-*cp='\0';`
`606`		`-`
`607`	`609`	`/*`
`608`	`610`	`* Copy over result to specified buffer.`
`609`	`611`	`*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit969ab9d

File tree

1 file changed

1 file changed

`‎contrib/pgcrypto/crypt-sha.c`

0 commit comments