From: Dave Cramer Date: Fri, 16 Aug 2002 19:34:57 +0000 (+0000) Subject: Applied patch for MD5 bug submitted by Jun Kawai X-Git-Tag: REL7_3~897 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=369e2b6afa355ddc36a9d6e3c9f71354bd1780d9;p=postgresql Applied patch for MD5 bug submitted by Jun Kawai --- diff --git a/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java b/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java index b66cda3a6a..7f6afd44c2 100644 --- a/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java +++ b/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java @@ -13,7 +13,7 @@ import org.postgresql.largeobject.LargeObjectManager; import org.postgresql.util.*; -/* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/jdbc1/Attic/AbstractJdbc1Connection.java,v 1.3 2002/07/26 05:29:34 barry Exp $ +/* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/jdbc1/Attic/AbstractJdbc1Connection.java,v 1.4 2002/08/16 19:34:57 davec Exp $ * This class defines methods of the jdbc1 specification. This class is * extended by org.postgresql.jdbc2.AbstractJdbc2Connection which adds the jdbc2 * methods. The real Connection class (for jdbc1) is org.postgresql.jdbc1.Jdbc1Connection @@ -125,7 +125,7 @@ public abstract class AbstractJdbc1Connection implements org.postgresql.PGConnec } //Read loglevel arg and set the loglevel based on this value - //in addition to setting the log level enable output to + //in addition to setting the log level enable output to //standard out if no other printwriter is set String l_logLevelProp = info.getProperty("loglevel","0"); int l_logLevel = 0; @@ -180,6 +180,7 @@ public abstract class AbstractJdbc1Connection implements org.postgresql.PGConnec { int beresp = pg_stream.ReceiveChar(); String salt = null; + byte [] md5Salt = new byte[4]; switch (beresp) { case 'E': @@ -207,12 +208,12 @@ public abstract class AbstractJdbc1Connection implements org.postgresql.PGConnec // Or get the md5 password salt if there is one if (areq == AUTH_REQ_MD5) { - byte[] rst = new byte[4]; - rst[0] = (byte)pg_stream.ReceiveChar(); - rst[1] = (byte)pg_stream.ReceiveChar(); - rst[2] = (byte)pg_stream.ReceiveChar(); - rst[3] = (byte)pg_stream.ReceiveChar(); - salt = new String(rst, 0, 4); + + md5Salt[0] = (byte)pg_stream.ReceiveChar(); + md5Salt[1] = (byte)pg_stream.ReceiveChar(); + md5Salt[2] = (byte)pg_stream.ReceiveChar(); + md5Salt[3] = (byte)pg_stream.ReceiveChar(); + salt = new String(md5Salt, 0, 4); if (org.postgresql.Driver.logDebug) org.postgresql.Driver.debug("MD5 salt=" + salt); } @@ -249,7 +250,7 @@ public abstract class AbstractJdbc1Connection implements org.postgresql.PGConnec case AUTH_REQ_MD5: if (org.postgresql.Driver.logDebug) org.postgresql.Driver.debug("postgresql: MD5"); - byte[] digest = MD5Digest.encode(PG_USER, password, salt); + byte[] digest = MD5Digest.encode(PG_USER, password, md5Salt); pg_stream.SendInteger(5 + digest.length, 4); pg_stream.Send(digest); pg_stream.SendInteger(0, 1); @@ -1217,7 +1218,7 @@ public abstract class AbstractJdbc1Connection implements org.postgresql.PGConnec return (pg_stream == null); } - /* + /* * This implemetation uses the jdbc1Types array to support the jdbc1 * datatypes. Basically jdbc1 and jdbc2 are the same, except that * jdbc2 adds the Array types.