Forked from postgres/postgres
Commit ca59dfa
Apply upstream fix for blowfish signed-character bug (CVE-2011-2483).
A password containing a character with the high bit set was misprocessed on machines where char is signed (which is most). This could cause the preceding one to three characters to fail to affect the hashed result, thus weakening the password. The result was also unportable, and failed to match some other blowfish implementations such as OpenBSD's.

Since the fix changes the output for such passwords, upstream chose to provide a compatibility hack: password salts beginning with $2x$ (instead of the usual $2a$ for blowfish) are intentionally processed "wrong" to give the same hash as before. Stored password hashes can thus be modified if necessary to still match, though it'd be better to change any affected passwords.

In passing, sync a couple other upstream changes that marginally improve performance and/or tighten error checking.

Back-patch to all supported branches. Since this issue is already public, no reason not to commit the fix ASAP.

1 parent 38c0e72, commit ca59dfa
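As an added illustration of the bug the commit message describes (not code from this commit or from pgcrypto), the following C program models the key-setup step that folds password bytes into 32-bit words, in the signed-char form the fix replaces beside the unsigned form it installs. The folding loop and the `bytes_lost` helper are simplified stand-ins for the real key loop, and the password is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model (not pgcrypto's code) of the blowfish key-setup step that
 * folds password bytes into a 32-bit word: shift left, OR in the next byte.
 * The index wraps around the password, as the real key loop does.
 *
 * Buggy variant: bytes read through a signed char (what plain `char` is on
 * most platforms). A byte >= 0x80 is sign-extended to 0xFFFFFFxx before the
 * OR, so the 1-3 bytes already in the word become 0xFF and stop mattering. */
uint32_t fold_word_signed(const char *pw, size_t len, size_t start)
{
    uint32_t word = 0;
    for (size_t i = 0; i < 4; i++) {
        signed char c = (signed char) pw[(start + i) % len];
        word = (word << 8) | c;   /* c promotes to a negative int */
    }
    return word;
}

/* Fixed variant: unsigned char stays in 0x00..0xFF and only touches the low byte. */
uint32_t fold_word_unsigned(const char *pw, size_t len, size_t start)
{
    uint32_t word = 0;
    for (size_t i = 0; i < 4; i++) {
        unsigned char c = (unsigned char) pw[(start + i) % len];
        word = (word << 8) | c;
    }
    return word;
}

/* Number of earlier bytes in the word that the bug overwrote with 0xFF. */
int bytes_lost(const char *pw, size_t len, size_t start)
{
    uint32_t bad = fold_word_signed(pw, len, start);
    uint32_t good = fold_word_unsigned(pw, len, start);
    int lost = 0;
    for (int shift = 24; shift >= 8; shift -= 8) {
        uint32_t b = (bad >> shift) & 0xFF, g = (good >> shift) & 0xFF;
        if (b != g && b == 0xFF) lost++;
    }
    return lost;
}

int main(void)
{
    const char pw[] = "ab\xa3" "c";   /* constructed sample; 0xA3 has the high bit */
    printf("%08x %08x lost=%d\n", fold_word_signed(pw, 4, 0),
           fold_word_unsigned(pw, 4, 0), bytes_lost(pw, 4, 0));
    return 0;
}
```

A high-bit byte at the start of a word wipes nothing (the bytes it overwrites are shifted out again), which is why the message speaks of one to three preceding characters; the $2x$ salt prefix it mentions corresponds to keeping the signed variant on purpose.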
2 files changed: +17 -10

Lines changed: 16 additions & 10 deletions
Hunks touch original lines 5-12, 19-27, 40-46, 49-54, 544-550, 557-563, 599-608 and 616-622 of the first file; the changed lines themselves are not shown.
Lines changed: 1 addition & 0 deletions
One hunk touches original lines 79-84 of the second file, adding one line after line 81; the changed lines themselves are not shown.
0 commit comments