diff options
Diffstat (limited to 'contrib/pgcrypto/crypt-des.c')
| -rw-r--r-- | contrib/pgcrypto/crypt-des.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c index b43141fed5..a4aa4966bf 100644 --- a/contrib/pgcrypto/crypt-des.c +++ b/contrib/pgcrypto/crypt-des.c @@ -61,6 +61,7 @@ */ #include "postgres.h" +#include "miscadmin.h" #include "px-crypt.h" @@ -540,6 +541,8 @@ do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count) while (count--) { + CHECK_FOR_INTERRUPTS(); + /* * Do each round. */ @@ -635,6 +638,8 @@ des_cipher(const char *in, char *out, long salt, int count) rawr = ntohl(buffer[1]); retval = do_des(rawl, rawr, &l_out, &r_out, count); + if (retval) + return (retval); buffer[0] = htonl(l_out); buffer[1] = htonl(r_out); @@ -681,9 +686,19 @@ px_crypt_des(const char *key, const char *setting) if (*setting == _PASSWORD_EFMT1) { /* - * "new"-style: setting - underscore, 4 bytes of count, 4 bytes of - * salt key - unlimited characters + * "new"-style: setting must be a 9-character (underscore, then 4 + * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under + * the "Extended crypt" heading for further details. + * + * Unlimited characters of the input key are used. This is known as + * the "Extended crypt" DES method. + * */ + if (strlen(setting) < 9) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("invalid salt"))); + for (i = 1, count = 0L; i < 5; i++) count |= ascii_to_bin(setting[i]) << (i - 1) * 6; @@ -722,10 +737,16 @@ px_crypt_des(const char *key, const char *setting) #endif /* !DISABLE_XDES */ { /* - * "old"-style: setting - 2 bytes of salt key - up to 8 characters + * "old"-style: setting - 2 bytes of salt key - only up to the first 8 + * characters of the input key are used. */ count = 25; + if (strlen(setting) < 2) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("invalid salt"))); + salt = (ascii_to_bin(setting[1]) << 6) | ascii_to_bin(setting[0]); |