> > and conn.salt is char[2].  Isn't this a problem?
> 
> I don't think it is.  Note that it refers to the salt as a "character
> array", not a string.  Also, since '_' isn't in the allowed encoding
> set, it can tell the difference between a 9-byte salt and a 2-byte
> salt without a terminating NUL.

I didn't pick up that array item.

Anyway, the patch is small so I will apply it.  There is no telling what
OSes expect a character string there.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/crypt.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/crypt.c,v
retrieving revision 1.35
diff -c -r1.35 crypt.c
*** src/backend/libpq/crypt.c   2001/08/17 02:59:19     1.35
--- src/backend/libpq/crypt.c   2001/08/17 03:07:19
***************
*** 295,302 ****
        switch (port->auth_method)
        {
                case uaCrypt:
!                       crypt_pwd = crypt(passwd, port->cryptSalt);
                        break;
                case uaMD5:
                        crypt_pwd = palloc(MD5_PASSWD_LEN+1);
                        if (isMD5(passwd))
--- 295,306 ----
        switch (port->auth_method)
        {
                case uaCrypt:
!               {
!                       char salt[3];
!                       StrNCpy(salt, port->cryptSalt,3);
!                       crypt_pwd = crypt(passwd, salt);
                        break;
+               }
                case uaMD5:
                        crypt_pwd = palloc(MD5_PASSWD_LEN+1);
                        if (isMD5(passwd))
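
Review bot: In the uaCrypt case the buffer length 3 is a bare literal that appears in both `char salt[3];` and `StrNCpy(salt, port->cryptSalt,3);`, and nothing in the code says why a local copy is needed. Pass `sizeof(salt)` as the length so the two cannot drift apart, and add a one-line comment recording what the thread established: the salt field is a 2-character array with no terminating NUL, while crypt() is handed a string. A blank line after the declaration and a space after the comma would also match the fe-auth.c hunk.
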
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.51
diff -c -r1.51 fe-auth.c
*** src/interfaces/libpq/fe-auth.c      2001/08/17 02:59:19     1.51
--- src/interfaces/libpq/fe-auth.c      2001/08/17 03:07:27
***************
*** 443,450 ****
        switch (areq)
        {
                case AUTH_REQ_CRYPT:
!                       crypt_pwd = crypt(password, conn->cryptSalt);
                        break;
                case AUTH_REQ_MD5:
                        {
                                char *crypt_pwd2;
--- 443,455 ----
        switch (areq)
        {
                case AUTH_REQ_CRYPT:
!               {
!                       char salt[3];
! 
!                       StrNCpy(salt, conn->cryptSalt,3);
!                       crypt_pwd = crypt(password, salt);
                        break;
+               }
                case AUTH_REQ_MD5:
                        {
                                char *crypt_pwd2;
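
Review bot: The AUTH_REQ_CRYPT case repeats the backend's copy-then-crypt sequence with the same hard-coded 3, so the frontend and backend can fall out of step if the salt width ever changes. Since the thread describes the salt field as char[2], consider sizing the local buffer from it, for example `char salt[sizeof(conn->cryptSalt) + 1];`, and passing `sizeof(salt)` to StrNCpy. A short comment here stating that cryptSalt is not NUL-terminated would keep a later cleanup from reverting to `crypt(password, conn->cryptSalt)`.
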
