From 44f18333b754dafa75d48a691b5af13b72256c7d Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 27 Sep 2001 23:16:23 +0000
Subject: [PATCH] Put MD5 salt at the end for security.

---
 src/backend/libpq/md5.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/src/backend/libpq/md5.c b/src/backend/libpq/md5.c
index ad5b4c91ec..d4a6730319 100644
--- a/src/backend/libpq/md5.c
+++ b/src/backend/libpq/md5.c
@@ -10,7 +10,7 @@
  *
  *  Sverre H. Huseby <sverrehu@online.no>
  *
- * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.6 2001/09/21 20:31:47 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.7 2001/09/27 23:16:23 momjian Exp $
  */
 
 #include "postgres.h"
@@ -19,6 +19,14 @@
 
 #include "libpq/crypt.h"
 
+#ifdef FRONTEND
+#undef palloc
+#define palloc malloc
+#undef pfree
+#define pfree free
+#endif
+
+
 /*
  *	PRIVATE FUNCTIONS
  */
@@ -289,15 +297,19 @@ md5_hash(const void *buff, size_t len, char *hexsum)
 bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
 				char *buf)
 {
-	char crypt_buf[128];
-
-	if (salt_len + strlen(passwd) > 127)
-		return false;
-
+	char *crypt_buf = palloc(strlen(passwd) + salt_len);
+	bool ret;
+	
 	strcpy(buf, "md5");
-	memset(crypt_buf, 0, 128);
-	memcpy(crypt_buf, salt, salt_len);
-	memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
+	/*
+	 *	Place salt at the end because it may be known by users
+	 *	trying to crack the MD5 output.
+	 */	
+	strcpy(crypt_buf, passwd);
+	memcpy(crypt_buf+strlen(passwd), salt, salt_len);
+
+	ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3);
+	pfree(crypt_buf);
 
-	return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
+	return ret;
 }
-- 
2.40.0