|
10 | 10 | * |
11 | 11 | * Sverre H. Huseby <sverrehu@online.no> |
12 | 12 | * |
13 | | - * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.6 2001/09/21 20:31:47 tgl Exp $ |
| 13 | + * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.7 2001/09/27 23:16:23 momjian Exp $ |
14 | 14 | */ |
15 | 15 |
|
16 | 16 | #include"postgres.h" |
|
19 | 19 |
|
20 | 20 | #include"libpq/crypt.h" |
21 | 21 |
|
| 22 | +#ifdefFRONTEND |
| 23 | +#undef palloc |
| 24 | +#definepalloc malloc |
| 25 | +#undef pfree |
| 26 | +#definepfree free |
| 27 | +#endif |
| 28 | + |
| 29 | + |
22 | 30 | /* |
23 | 31 | *PRIVATE FUNCTIONS |
24 | 32 | */ |
@@ -289,15 +297,19 @@ md5_hash(const void *buff, size_t len, char *hexsum) |
289 | 297 | boolEncryptMD5(constchar*passwd,constchar*salt,size_tsalt_len, |
290 | 298 | char*buf) |
291 | 299 | { |
292 | | -charcrypt_buf[128]; |
293 | | - |
294 | | -if (salt_len+strlen(passwd)>127) |
295 | | -return false; |
296 | | - |
| 300 | +char*crypt_buf=palloc(strlen(passwd)+salt_len); |
| 301 | +boolret; |
| 302 | + |
297 | 303 | strcpy(buf,"md5"); |
298 | | -memset(crypt_buf,0,128); |
299 | | -memcpy(crypt_buf,salt,salt_len); |
300 | | -memcpy(crypt_buf+salt_len,passwd,strlen(passwd)); |
| 304 | +/* |
| 305 | + *Place salt at the end because it may be known by users |
| 306 | + *trying to crack the MD5 output. |
| 307 | + */ |
| 308 | +strcpy(crypt_buf,passwd); |
| 309 | +memcpy(crypt_buf+strlen(passwd),salt,salt_len); |
| 310 | + |
| 311 | +ret=md5_hash(crypt_buf,strlen(passwd)+salt_len,buf+3); |
| 312 | +pfree(crypt_buf); |
301 | 313 |
|
302 | | -returnmd5_hash(crypt_buf,salt_len+strlen(passwd),buf+3); |
| 314 | +returnret; |
303 | 315 | } |