projects / users / c2main / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2ca9d54) | patch
pgcrypto: Detect and report too-short crypt() salts.
authorNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
committerNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
commit1d812c8b059d0b9b1fba4a459c9876de0f6259b6
tree567ebc7798e9792adb395a26f48c8a57dd1b4001tree
parent2ca9d5445c35db8956e4abbf1e653373820e8c0acommit | diff
pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of
backend memory.  For existing salt-induced error conditions, emit a
message saying as much.  Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288
contrib/pgcrypto/crypt-blowfish.c diff | blob | blame | history
contrib/pgcrypto/crypt-des.c diff | blob | blame | history
contrib/pgcrypto/expected/crypt-blowfish.out diff | blob | blame | history
contrib/pgcrypto/expected/crypt-des.out diff | blob | blame | history
contrib/pgcrypto/expected/crypt-xdes.out diff | blob | blame | history
contrib/pgcrypto/px-crypt.c diff | blob | blame | history
contrib/pgcrypto/sql/crypt-blowfish.sql diff | blob | blame | history
contrib/pgcrypto/sql/crypt-des.sql diff | blob | blame | history
contrib/pgcrypto/sql/crypt-xdes.sql diff | blob | blame | history
Cedric's Stuff