Re: crypt and null termination
От | Bruce Momjian |
---|---|
Тема | Re: crypt and null termination |
Дата | |
Msg-id | 200108170309.f7H39Wd09194@candle.pha.pa.us обсуждение исходный текст |
Ответ на | Re: crypt and null termination (Doug McNaught <doug@wireboard.com>) |
Ответы |
Re: crypt and null termination
(Peter Eisentraut <peter_e@gmx.net>)
|
Список | pgsql-hackers |
> > and conn.salt is char[2]. Isn't this a problem? > > I don't think it is. Note that it refers to the salt as a "character > array", not a string. Also, since '_' isn't in the allowed encoding > set, it can tell the difference between a 9-byte salt and a 2-byte > salt without a terminating NUL. I didn't pick up that array item. Anyway, the patch is small so I will apply it. There is no telling what OS's expect a character string there. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 Index: src/backend/libpq/crypt.c =================================================================== RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/crypt.c,v retrieving revision 1.35 diff -c -r1.35 crypt.c *** src/backend/libpq/crypt.c 2001/08/17 02:59:19 1.35 --- src/backend/libpq/crypt.c 2001/08/17 03:07:19 *************** *** 295,302 **** switch (port->auth_method) { case uaCrypt: ! crypt_pwd = crypt(passwd, port->cryptSalt); break; case uaMD5: crypt_pwd = palloc(MD5_PASSWD_LEN+1); if (isMD5(passwd)) --- 295,306 ---- switch (port->auth_method) { case uaCrypt: ! { ! char salt[3]; ! StrNCpy(salt, port->cryptSalt,3); ! crypt_pwd = crypt(passwd, salt); break; + } case uaMD5: crypt_pwd = palloc(MD5_PASSWD_LEN+1); if (isMD5(passwd)) Index: src/interfaces/libpq/fe-auth.c =================================================================== RCS file: /home/projects/pgsql/cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v retrieving revision 1.51 diff -c -r1.51 fe-auth.c *** src/interfaces/libpq/fe-auth.c 2001/08/17 02:59:19 1.51 --- src/interfaces/libpq/fe-auth.c 2001/08/17 03:07:27 *************** *** 443,450 **** switch (areq) { case AUTH_REQ_CRYPT: ! crypt_pwd = crypt(password, conn->cryptSalt); break; case AUTH_REQ_MD5: { char *crypt_pwd2; --- 443,455 ---- switch (areq) { case AUTH_REQ_CRYPT: ! { ! char salt[3]; ! ! StrNCpy(salt, conn->cryptSalt,3); ! crypt_pwd = crypt(password, salt); break; + } case AUTH_REQ_MD5: { char *crypt_pwd2;
В списке pgsql-hackers по дате отправления: