Commitb5453fa

committed

Force crypt() salt to be null-terminated.

1 parentda45a0b commitb5453faCopy full SHA for b5453fa

File tree

+14

-5

lines changed

+14

-5

lines changed

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`* Dec 17, 1997 - Todd A. Brandys`
`10`	`10`	`*Orignal Version Completed.`
`11`	`11`	`*`
`12`		`- * $Id: crypt.c,v 1.35 2001/08/1702:59:19 momjian Exp $`
	`12`	`+ * $Id: crypt.c,v 1.36 2001/08/1703:09:31 momjian Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -281,7 +281,7 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`281`	`281`	`if (isMD5(passwd)&&port->auth_method!=uaMD5)`
`282`	`282`	`{`
`283`	`283`	`snprintf(PQerrormsg,PQERRORMSG_LENGTH,`
`284`		`-"Password is stored MD5 encrypted. "`
	`284`	`+"Password is stored MD5 encrypted. "`
`285`	`285`	`"Only pg_hba.conf's MD5 protocol can be used for this user.\n");`
`286`	`286`	`fputs(PQerrormsg,stderr);`
`287`	`287`	`pqdebug("%s",PQerrormsg);`
`@@ -295,8 +295,12 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`295`	`295`	`switch (port->auth_method)`
`296`	`296`	`{`
`297`	`297`	`caseuaCrypt:`
`298`		`-crypt_pwd=crypt(passwd,port->cryptSalt);`
	`298`	`+{`
	`299`	`+charsalt[3];`
	`300`	`+StrNCpy(salt,port->cryptSalt,3);`
	`301`	`+crypt_pwd=crypt(passwd,salt);`
`299`	`302`	`break;`
	`303`	`+}`
`300`	`304`	`caseuaMD5:`
`301`	`305`	`crypt_pwd=palloc(MD5_PASSWD_LEN+1);`
`302`	`306`	`if (isMD5(passwd))`

Lines changed: 7 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.51 2001/08/1702:59:19 momjian Exp $`
	`13`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.52 2001/08/1703:09:31 momjian Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -443,8 +443,13 @@ pg_password_sendauth(PGconn conn, const char password, AuthRequest areq)`
`443`	`443`	`switch (areq)`
`444`	`444`	`{`
`445`	`445`	`caseAUTH_REQ_CRYPT:`
`446`		`-crypt_pwd=crypt(password,conn->cryptSalt);`
	`446`	`+{`
	`447`	`+charsalt[3];`
	`448`	`+`
	`449`	`+StrNCpy(salt,conn->cryptSalt,3);`
	`450`	`+crypt_pwd=crypt(password,salt);`
`447`	`451`	`break;`
	`452`	`+}`
`448`	`453`	`caseAUTH_REQ_MD5:`
`449`	`454`	`{`
`450`	`455`	`char*crypt_pwd2;`

Comments

(0)