| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: pgcrypto: Detect and report too-short crypt() salts. |
| Date: | 2015-10-05 14:09:49 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
pgcrypto: Detect and report too-short crypt() salts.
Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
Branch
------
REL9_4_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/4d95419e8a2006e91a4356b8bb49c1563933f139
Modified Files
--------------
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-10-05 14:15:00 | pgsql: Add regression tests for INSERT/UPDATE+RETURNING |
| Previous Message | Tom Lane | 2015-10-05 13:51:31 | Re: [COMMITTERS] pgsql: Lower *_freeze_max_age minimum values. |