*
* Sverre H. Huseby <sverrehu@online.no>
*
- * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.6 2001/09/21 20:31:47 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.7 2001/09/27 23:16:23 momjian Exp $
*/
#include "postgres.h"
#include "libpq/crypt.h"
+#ifdef FRONTEND
+#undef palloc
+#define palloc malloc
+#undef pfree
+#define pfree free
+#endif
+
+
/*
* PRIVATE FUNCTIONS
*/
bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
char *buf)
{
- char crypt_buf[128];
-
- if (salt_len + strlen(passwd) > 127)
- return false;
-
+ char *crypt_buf = palloc(strlen(passwd) + salt_len);
+ bool ret;
+
strcpy(buf, "md5");
- memset(crypt_buf, 0, 128);
- memcpy(crypt_buf, salt, salt_len);
- memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
+ /*
+ * Place salt at the end because it may be known by users
+ * trying to crack the MD5 output.
+ */
+ strcpy(crypt_buf, passwd);
+ memcpy(crypt_buf+strlen(passwd), salt, salt_len);
+
+ ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3);
+ pfree(crypt_buf);
- return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
+ return ret;
}