Force crypt() salt to be null-terminated.
authorBruce Momjian <bruce@momjian.us>
Fri, 17 Aug 2001 03:09:31 +0000 (03:09 +0000)
committerBruce Momjian <bruce@momjian.us>
Fri, 17 Aug 2001 03:09:31 +0000 (03:09 +0000)
src/backend/libpq/crypt.c
src/interfaces/libpq/fe-auth.c

index f82e44ccb25d8b078fa9136d6dcf78f9382425a0..5a54bde4b6b034b527ff85a7216b98f7794845a6 100644 (file)
@@ -9,7 +9,7 @@
  * Dec 17, 1997 - Todd A. Brandys
  *     Orignal Version Completed.
  *
- * $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $
+ * $Id: crypt.c,v 1.36 2001/08/17 03:09:31 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -281,7 +281,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
        if (isMD5(passwd) && port->auth_method != uaMD5)
        {
                snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                       "Password is stored MD5 encrypted.  "
+                       "Password is stored MD5 encrypted.  "
                        "Only pg_hba.conf's MD5 protocol can be used for this user.\n");
                fputs(PQerrormsg, stderr);
                pqdebug("%s", PQerrormsg);
@@ -295,8 +295,12 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
        switch (port->auth_method)
        {
                case uaCrypt:
-                       crypt_pwd = crypt(passwd, port->cryptSalt);
+               {
+                       char salt[3];
+                       StrNCpy(salt, port->cryptSalt,3);
+                       crypt_pwd = crypt(passwd, salt);
                        break;
+               }
                case uaMD5:
                        crypt_pwd = palloc(MD5_PASSWD_LEN+1);
                        if (isMD5(passwd))
index 4e4a8f6d9368bfb6eb5849a8ba8ab6d69372dd2f..8da5e453d87e0bc316f5bbc472955a5527f13e21 100644 (file)
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.51 2001/08/17 02:59:19 momjian Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.52 2001/08/17 03:09:31 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -443,8 +443,13 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
        switch (areq)
        {
                case AUTH_REQ_CRYPT:
-                       crypt_pwd = crypt(password, conn->cryptSalt);
+               {
+                       char salt[3];
+
+                       StrNCpy(salt, conn->cryptSalt,3);
+                       crypt_pwd = crypt(password, salt);
                        break;
+               }
                case AUTH_REQ_MD5:
                        {
                                char *crypt_pwd2;