Re: crypt and null termination

From Bruce Momjian
Subject Re: crypt and null termination
Msg-id 200108170309.f7H39Wd09194@candle.pha.pa.us
In reply to Re: crypt and null termination  (Doug McNaught <doug@wireboard.com>)
Responses Re: crypt and null termination  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
> > and conn.salt is char[2].  Isn't this a problem?
>
> I don't think it is.  Note that it refers to the salt as a "character
> array", not a string.  Also, since '_' isn't in the allowed encoding
> set, it can tell the difference between a 9-byte salt and a 2-byte
> salt without a terminating NUL.

I didn't pick up that array item.

Anyway, the patch is small so I will apply it.  There is no telling what
OSes expect a character string there.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/crypt.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/crypt.c,v
retrieving revision 1.35
diff -c -r1.35 crypt.c
*** src/backend/libpq/crypt.c    2001/08/17 02:59:19    1.35
--- src/backend/libpq/crypt.c    2001/08/17 03:07:19
***************
*** 295,302 ****
      switch (port->auth_method)
      {
          case uaCrypt:
!             crypt_pwd = crypt(passwd, port->cryptSalt);
              break;
          case uaMD5:
              crypt_pwd = palloc(MD5_PASSWD_LEN+1);
              if (isMD5(passwd))
--- 295,306 ----
      switch (port->auth_method)
      {
          case uaCrypt:
!         {
!             char salt[3];
!             StrNCpy(salt, port->cryptSalt,3);
!             crypt_pwd = crypt(passwd, salt);
              break;
+         }
          case uaMD5:
              crypt_pwd = palloc(MD5_PASSWD_LEN+1);
              if (isMD5(passwd))
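
Review bot: In the uaCrypt case, the literal 3 in StrNCpy(salt, port->cryptSalt,3) repeats the size of the salt[3] declaration one line above; write sizeof(salt) so the buffer and the bound cannot drift apart. The new block also has no comment saying why the copy exists. The thread describes the salt field as a 2-byte character array with no terminating NUL, and a one-line comment to that effect would stop someone from "simplifying" this back to crypt(passwd, port->cryptSalt). The change is only correct if StrNCpy reads at most two bytes from the source and always writes the terminator into salt[2]; that guarantee should be stated or checked, because plain strncpy semantics with a count of 3 would read one byte past a 2-byte field.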
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.51
diff -c -r1.51 fe-auth.c
*** src/interfaces/libpq/fe-auth.c    2001/08/17 02:59:19    1.51
--- src/interfaces/libpq/fe-auth.c    2001/08/17 03:07:27
***************
*** 443,450 ****
      switch (areq)
      {
          case AUTH_REQ_CRYPT:
!             crypt_pwd = crypt(password, conn->cryptSalt);
              break;
          case AUTH_REQ_MD5:
              {
                  char *crypt_pwd2;
--- 443,455 ----
      switch (areq)
      {
          case AUTH_REQ_CRYPT:
!         {
!             char salt[3];
!
!             StrNCpy(salt, conn->cryptSalt,3);
!             crypt_pwd = crypt(password, salt);
              break;
+         }
          case AUTH_REQ_MD5:
              {
                  char *crypt_pwd2;
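
Review bot: The AUTH_REQ_CRYPT case repeats the same declare, copy and call sequence as the backend hunk in crypt.c, but formatted differently: there is a blank line after char salt[3]; here and none there, and both copies lack the space after the comma in conn->cryptSalt,3. Pick one layout for both files, use sizeof(salt) in place of the literal 3, and consider a small shared helper or macro for the bounded salt copy so the frontend and backend cannot diverge on how the two salt bytes are terminated.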
