author | Bruce Momjian <bruce@momjian.us> | 2001-09-27 23:16:23 +0000 |
---|---|---|
committer | Bruce Momjian <bruce@momjian.us> | 2001-09-27 23:16:23 +0000 |
commit | 44f18333b754dafa75d48a691b5af13b72256c7d (patch) | |
tree | 8cbd2f54653846c9969ebd9fc4565023a14aaab1 /src | |
parent | 90aebf7f5242b11bc9576f5d9052d755336b1bcc (diff) | |
Put MD5 salt at the end for security.
Diffstat (limited to 'src')
-rw-r--r-- | src/backend/libpq/md5.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/src/backend/libpq/md5.c b/src/backend/libpq/md5.c
index ad5b4c91ec4..d4a67303197 100644
--- a/src/backend/libpq/md5.c
+++ b/src/backend/libpq/md5.c
@@ -10,7 +10,7 @@
 *
 * Sverre H. Huseby <sverrehu@online.no>
 *
- * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.6 2001/09/21 20:31:47 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.7 2001/09/27 23:16:23 momjian Exp $
 */
 #include "postgres.h"
@@ -19,6 +19,14 @@
 #include "libpq/crypt.h"
+#ifdef FRONTEND
+#undef palloc
+#define palloc malloc
+#undef pfree
+#define pfree free
+#endif
+
+
 /*
 * PRIVATE FUNCTIONS
 */
@@ -289,15 +297,19 @@ md5_hash(const void *buff, size_t len, char *hexsum)
 bool
 EncryptMD5(const char *passwd, const char *salt, size_t salt_len, char *buf)
 {
- char crypt_buf[128];
-
- if (salt_len + strlen(passwd) > 127)
- return false;
-
+ char *crypt_buf = palloc(strlen(passwd) + salt_len);
+ bool ret;
+ strcpy(buf, "md5");
- memset(crypt_buf, 0, 128);
- memcpy(crypt_buf, salt, salt_len);
- memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
+ /*
+ * Place salt at the end because it may be known by users
+ * trying to crack the MD5 output.
+ */
+ strcpy(crypt_buf, passwd);
+ memcpy(crypt_buf+strlen(passwd), salt, salt_len);
+
+ ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3);
+ pfree(crypt_buf);
- return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
+ return ret;
 }
|
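Review bot: In EncryptMD5, `strcpy(crypt_buf, passwd)` writes strlen(passwd) + 1 bytes into a buffer allocated as `strlen(passwd) + salt_len`, so whenever salt_len is 0 the terminating NUL lands one byte past the allocation. Copying without the terminator, `memcpy(crypt_buf, passwd, strlen(passwd));`, keeps the write inside the buffer, and md5_hash is given an explicit length so the NUL is not needed. The FRONTEND block at the top of the file maps palloc to malloc, whose result can be NULL and is dereferenced unchecked here; adding `if (crypt_buf == NULL) return false;` after the allocation matches the function's existing failure return. The buffer also holds the cleartext password when it is passed to `pfree`, so clearing it first would be a reasonable hardening step.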