Re: Patch for 1-byte buffer overflow in libpq PQencryptPassword

From Tom Lane
Subject Re: Patch for 1-byte buffer overflow in libpq PQencryptPassword
Msg-id 23416.1252975461@sss.pgh.pa.us
In response to Patch for 1-byte buffer overflow in libpq PQencryptPassword  (ljb <ljb1813@pobox.com>)
List pgsql-hackers
ljb <ljb1813@pobox.com> writes:
> Two possible suggested fixes to src/backend/libpq/md5.c, pg_md5_crypt():
> 1) Allocate crypt_buf to (passwd_len + 1 + salt_len)
> 2) Use memcpy(crypt_buf, passwd, passwd_len) not strcpy(crypt_buf, passwd).

> I like fix #2 better, although fix #1 avoids a weirdness with
> PQencryptPassword("","") calling malloc(0) with platform-dependent
> results (which was the problem I was chasing with pgtclng).

Hmm ... I'm inclined to do both.  I agree that the memcpy coding is
cleaner than strcpy when we don't actually care about adding a trailing
null.  But malloc(0) is unportable and best avoided.
        regards, tom lane
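
The two fixes discussed in this message, combined in one routine. This is an added example, not part of the original message and not PostgreSQL's source; `old_layout_overrun` and `build_crypt_buf` are hypothetical names, and the old allocation size of `passwd_len + salt_len` is an assumption inferred from fix 1.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the strcpy()-based layout writes past a (passwd_len + salt_len)
 * allocation (assumed old size): strcpy copies passwd_len + 1 bytes, NUL
 * included, so the NUL is out of bounds only when no salt bytes follow. */
size_t old_layout_overrun(size_t passwd_len, size_t salt_len)
{
    size_t allocated = passwd_len + salt_len;
    size_t strcpy_writes = passwd_len + 1;
    return strcpy_writes > allocated ? strcpy_writes - allocated : 0;
}

/* Hypothetical helper applying both fixes: one spare byte so the request
 * is never malloc(0), and memcpy() for the password because no terminator
 * is wanted. Returns a buffer the caller frees, or NULL on failure;
 * *out_len receives the number of bytes to hash. */
unsigned char *build_crypt_buf(const char *passwd, const unsigned char *salt,
                               size_t salt_len, size_t *out_len)
{
    size_t passwd_len = strlen(passwd);
    unsigned char *crypt_buf;

    if (salt_len > SIZE_MAX - 1 - passwd_len)       /* size_t wrap guard */
        return NULL;
    crypt_buf = malloc(passwd_len + 1 + salt_len);  /* fix 1 */
    if (crypt_buf == NULL)
        return NULL;
    memcpy(crypt_buf, passwd, passwd_len);          /* fix 2 */
    if (salt_len > 0)                               /* salt may be NULL if empty */
        memcpy(crypt_buf + passwd_len, salt, salt_len);
    *out_len = passwd_len + salt_len;
    return crypt_buf;
}

int main(void)
{
    size_t n = 0;
    /* Constructed input: the empty password and empty salt case. */
    unsigned char *b = build_crypt_buf("", NULL, 0, &n);
    printf("old layout overrun: %zu byte(s)\n", old_layout_overrun(0, 0));
    printf("fixed buffer: %s, %zu byte(s) to hash\n", b ? "ok" : "NULL", n);
    free(b);
    return 0;
}
```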

