pgcrypto: Detect and report too-short crypt() salts.
Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/cc1210f0aa441cd0825380ed3fddfeadb6f6533f
Modified Files
--------------
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)