rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid returning undefined bytes in chkpass_in(). 

We can't really fix the problem that the result is defined to depend on
random(), so it is still going to fail the "unstable input conversion"
test in parse_type.c.  However, we can at least satify valgrind.  (It
looks like this code used to be valgrind-clean, actually, until somebody
did a careless s/strncpy/strlcpy/g on it.)

In passing, let's just make real sure that chkpass_out doesn't overrun
its output buffer.

No need for backpatch, I think, since this is just to satisfy debugging
tools.

Asif Naeem
This commit is contained in:
Tom Lane 2015-02-14 12:20:56 -05:00
parent 33e879c4e9
commit 80986e85aa
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
contrib/chkpass/chkpass.c
View File

@ -65,7 +65,7 @@ chkpass_in(PG_FUNCTION_ARGS)
/* special case to let us enter encrypted passwords */
if (*str == ':')
{
result = (chkpass *) palloc(sizeof(chkpass));
result = (chkpass *) palloc0(sizeof(chkpass));
strlcpy(result->password, str + 1, 13 + 1);
PG_RETURN_POINTER(result);
}
@ -75,7 +75,7 @@ chkpass_in(PG_FUNCTION_ARGS)
(errcode(ERRCODE_DATA_EXCEPTION),
errmsg("password \"%s\" is weak", str)));
result = (chkpass *) palloc(sizeof(chkpass));
result = (chkpass *) palloc0(sizeof(chkpass));
mysalt[0] = salt_chars[random() & 0x3f];
mysalt[1] = salt_chars[random() & 0x3f];
@ -107,7 +107,7 @@ chkpass_out(PG_FUNCTION_ARGS)
result = (char *) palloc(16);
result[0] = ':';
strcpy(result + 1, password->password);
strlcpy(result + 1, password->password, 15);
PG_RETURN_CSTRING(result);
}