mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-15 08:20:16 +08:00
1d812c8b05
Certain short salts crashed the backend or disclosed a few bytes of backend memory. For existing salt-induced error conditions, emit a message saying as much. Back-patch to 9.0 (all supported versions). Josh Kupershmidt Security: CVE-2015-5288
52 lines
1.3 KiB
Plaintext
52 lines
1.3 KiB
Plaintext
--
|
|
-- crypt() and gen_salt(): extended des
|
|
--
|
|
SELECT crypt('', '_J9..j2zz');
|
|
crypt
|
|
----------------------
|
|
_J9..j2zzR/nIRDK3pPc
|
|
(1 row)
|
|
|
|
SELECT crypt('foox', '_J9..j2zz');
|
|
crypt
|
|
----------------------
|
|
_J9..j2zzAYKMvO2BYRY
|
|
(1 row)
|
|
|
|
-- check XDES handling of keys longer than 8 chars
|
|
SELECT crypt('longlongpassword', '_J9..j2zz');
|
|
crypt
|
|
----------------------
|
|
_J9..j2zz4BeseiQNwUg
|
|
(1 row)
|
|
|
|
-- error, salt too short
|
|
SELECT crypt('foox', '_J9..BWH');
|
|
ERROR: invalid salt
|
|
-- error, count specified in the second argument is 0
|
|
SELECT crypt('password', '_........');
|
|
ERROR: crypt(3) returned NULL
|
|
-- error, count will wind up still being 0 due to invalid encoding
|
|
-- of the count: only chars ``./0-9A-Za-z' are valid
|
|
SELECT crypt('password', '_..!!!!!!');
|
|
ERROR: crypt(3) returned NULL
|
|
-- count should be non-zero here, will work
|
|
SELECT crypt('password', '_/!!!!!!!');
|
|
crypt
|
|
----------------------
|
|
_/!!!!!!!zqM49hRzxko
|
|
(1 row)
|
|
|
|
CREATE TABLE ctest (data text, res text, salt text);
|
|
INSERT INTO ctest VALUES ('password', '', '');
|
|
UPDATE ctest SET salt = gen_salt('xdes', 1001);
|
|
UPDATE ctest SET res = crypt(data, salt);
|
|
SELECT res = crypt(data, res) AS "worked"
|
|
FROM ctest;
|
|
worked
|
|
--------
|
|
t
|
|
(1 row)
|
|
|
|
DROP TABLE ctest;
|