Fix incorrect password transformation in contrib/pgcrypto's DES crypt().

Overly tight coding caused the password transformation loop to stop
examining input once it had processed a byte equal to 0x80.  Thus, if the
given password string contained such a byte (which is possible though not
highly likely in UTF8, and perhaps also in other non-ASCII encodings), all
subsequent characters would not contribute to the hash, making the password
much weaker than it appears on the surface.

This would only affect cases where applications used DES crypt() to encode
passwords before storing them in the database.  If a weak password has been
created in this fashion, the hash will stop matching after this update has
been applied, so it will be easy to tell if any passwords were unexpectedly
weak.  Changing to a different password would be a good idea in such a case.
(Since DES has been considered inadequately secure for some time, changing
to a different encryption algorithm can also be recommended.)

This code, and the bug, are shared with at least PHP, FreeBSD, and OpenBSD.
Since the other projects have already published their fixes, there is no
point in trying to keep this commit private.

This bug has been assigned CVE-2012-2143, and credit for its discovery goes
to Rubin Xu and Joseph Bonneau.

diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c
index cea80b55e998fc490cf4d93e1483d31aca19bd17..cc2e76a71f7b9907072f30a6a2c389068e3c9d37 100644 (file)
--- a/contrib/pgcrypto/crypt-des.c
+++ b/contrib/pgcrypto/crypt-des.c
@@ -670,7 +670,8 @@ px_crypt_des(const char *key, const char *setting)
        q = (uint8 *) keybuf;
        while (q - (uint8 *) keybuf - 8)
        {
-               if ((*q++ = *key << 1))
+               *q++ = *key << 1;
+               if (*key != '\0')
                        key++;
        }
        if (des_setkey((char *) keybuf))