pgcrypto: Detect and report too-short crypt() salts.
Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/4d6752277e792386e54b036aee8f64ee4fa84cf1
Modified Files
--------------
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)