granicus.if.org Git - postgresql/commit
pgcrypto: Detect and report too-short crypt() salts.
author: Noah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
committer: Noah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:35 +0000 (10:06 -0400)
commit: 48f6310bc5b0a2d883c9439fbc7eb1bd7bd4833d
tree: a87b67abce94b1411c947ddbc15a92ce91f71a51
parent: 7116a3e98a465a4dced4ecf0b330e0da4bd79873
pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of
backend memory.  For existing salt-induced error conditions, emit a
message saying as much.  Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288
contrib/pgcrypto/crypt-blowfish.c
contrib/pgcrypto/crypt-des.c
contrib/pgcrypto/expected/crypt-blowfish.out
contrib/pgcrypto/expected/crypt-des.out
contrib/pgcrypto/expected/crypt-xdes.out
contrib/pgcrypto/px-crypt.c
contrib/pgcrypto/sql/crypt-blowfish.sql
contrib/pgcrypto/sql/crypt-des.sql
contrib/pgcrypto/sql/crypt-xdes.sql