Put MD5 salt at the end for security.

Bruce Momjian 2001-09-27 23:16:23 +00:00
parent 90aebf7f52
commit 44f18333b7
1 changed files with 22 additions and 10 deletions


@ -10,7 +10,7 @@
*
* Sverre H. Huseby <sverrehu@online.no>
*
* $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.6 2001/09/21 20:31:47 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.7 2001/09/27 23:16:23 momjian Exp $
*/
#include "postgres.h"
@ -19,6 +19,14 @@
#include "libpq/crypt.h"
#ifdef FRONTEND
#undef palloc
#define palloc malloc
#undef pfree
#define pfree free
#endif
/*
* PRIVATE FUNCTIONS
*/
@ -289,15 +297,19 @@ md5_hash(const void *buff, size_t len, char *hexsum)
bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
char *buf)
{
char crypt_buf[128];
if (salt_len + strlen(passwd) > 127)
return false;
char *crypt_buf = palloc(strlen(passwd) + salt_len);
bool ret;
strcpy(buf, "md5");
memset(crypt_buf, 0, 128);
memcpy(crypt_buf, salt, salt_len);
memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
/*
* Place salt at the end because it may be known by users
* trying to crack the MD5 output.
*/
strcpy(crypt_buf, passwd);
memcpy(crypt_buf+strlen(passwd), salt, salt_len);
return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3);
pfree(crypt_buf);
return ret;
}
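Review bot: The new `strcpy(crypt_buf, passwd)` in EncryptMD5 writes strlen(passwd) + 1 bytes into a buffer sized `strlen(passwd) + salt_len`, so when salt_len is 0 the terminating NUL lands one byte past the allocation. Allocating one extra byte, `char *crypt_buf = palloc(strlen(passwd) + salt_len + 1);`, or copying the password with `memcpy(crypt_buf, passwd, strlen(passwd));` removes the overrun. In the FRONTEND build the earlier hunk maps palloc to malloc, which can return NULL, so `if (crypt_buf == NULL) return false;` is needed before the copy there. The buffer still holds the cleartext password when it reaches pfree; clearing it first would limit how long the password stays in heap memory.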