Re: [HACKERS] Patch for 1-byte buffer overflow in libpq PQencryptPassword

2009-09-14 Thread Tom Lane
ljb writes:
> Two possible suggested fixes to src/backend/libpq/md5.c, pg_md5_crypt():
> 1) Allocate crypt_buf to (passwd_len + 1 + salt_len)
> 2) Use memcpy(crypt_buf, passwd, passwd_len) not strcpy(crypt_buf, passwd).

I like fix #2 better, although fix #1 avoids a weirdness with PQencryptPa

[HACKERS] Patch for 1-byte buffer overflow in libpq PQencryptPassword

2009-09-14 Thread ljb
A trivial little fix for PostgreSQL-8.4.1. Calling the libpq function PQencryptPassword(password, "") doesn't make a lot of sense (empty string for username). But if you do, it results in a 1-byte buffer overflow in pg_md5_encrypt(). (This is in backend/libpq/md5.c, but it's client, not backend.)
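Added example, not PostgreSQL's code and not ljb's patch: a small C program that reproduces the construction ljb's report describes (strcpy of the password into a buffer sized passwd_len + salt_len, then the salt appended after it) and makes the one-byte overrun from the empty-username case visible as a returned flag instead of undefined behaviour, by placing a canary byte just past the logical buffer. Beside it is a builder applying both fixes listed in Tom Lane's quote above (memcpy instead of strcpy, plus one extra byte so an empty password with an empty salt never calls malloc(0)). The names salted_input_overflows and build_salted_input are this example's own, and the hash step is left out because the defect is in assembling the hash input, not in hashing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Reproduce the pattern from the report. The "logical" buffer is the
 * passwd_len + salt_len bytes the buggy code allocates; one extra byte is
 * allocated after it solely as a canary so the overrun can be observed
 * safely. With use_strcpy != 0 the password is copied with strcpy (as in
 * the report); otherwise with memcpy (ljb's fix #2).
 *
 * Returns 1 if the byte just past the logical buffer was written, 0 if it
 * was left alone, -1 on allocation failure.
 */
static int
salted_input_overflows(const char *passwd, const char *salt, size_t salt_len,
                       int use_strcpy)
{
    size_t passwd_len = strlen(passwd);
    size_t logical = passwd_len + salt_len;
    unsigned char *buf = malloc(logical + 1);   /* +1 is the canary slot only */
    int clobbered;

    if (buf == NULL)
        return -1;
    buf[logical] = 0xAA;                        /* canary */

    if (use_strcpy)
        strcpy((char *) buf, passwd);           /* writes passwd_len + 1 bytes: NUL at buf[passwd_len] */
    else
        memcpy(buf, passwd, passwd_len);        /* writes exactly passwd_len bytes */

    /* salt follows the password; when salt_len > 0 this overwrites the NUL */
    memcpy(buf + passwd_len, salt, salt_len);

    /* with strcpy and salt_len == 0, buf[passwd_len] == buf[logical] is the canary */
    clobbered = (buf[logical] != 0xAA);
    free(buf);
    return clobbered;
}

/*
 * Hardened construction applying both suggestions: memcpy for the password
 * (no trailing NUL is ever written) and one byte more than strictly needed,
 * so passwd == "" with salt_len == 0 never calls malloc(0), whose result is
 * implementation-defined. Caller frees the result; *out_len receives
 * passwd_len + salt_len, the length that would be fed to the MD5 step.
 */
static unsigned char *
build_salted_input(const char *passwd, const char *salt, size_t salt_len,
                   size_t *out_len)
{
    size_t passwd_len = strlen(passwd);
    unsigned char *buf = malloc(passwd_len + salt_len + 1);

    if (buf == NULL)
        return NULL;
    memcpy(buf, passwd, passwd_len);
    memcpy(buf + passwd_len, salt, salt_len);
    *out_len = passwd_len + salt_len;
    return buf;
}

int
main(void)
{
    /* constructed inputs: "alice" stands in for the username used as salt */
    printf("strcpy, user \"alice\":  overflow=%d\n",
           salted_input_overflows("secret", "alice", 5, 1));
    printf("strcpy, user \"\":       overflow=%d\n",
           salted_input_overflows("secret", "", 0, 1));
    printf("memcpy, user \"\":       overflow=%d\n",
           salted_input_overflows("secret", "", 0, 0));

    size_t n;
    unsigned char *b = build_salted_input("secret", "", 0, &n);
    if (b != NULL) {
        printf("hardened builder: %zu bytes of hash input\n", n);
        free(b);
    }
    return 0;
}
```

Only the salt_len == 0 path (PQencryptPassword with an empty username) trips the canary in the strcpy variant: for any non-empty salt the NUL lands inside the buffer and is immediately overwritten by the salt, which is why the bug stayed hidden in normal use.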