mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-07-31 14:53:23 +02:00
01824385ae
Coverity identified a number of places in which it couldn't prove that a string being copied into a fixed-size buffer would fit. We believe that most, perhaps all of these are in fact safe, or are copying data that is coming from a trusted source so that any overrun is not really a security issue. Nonetheless it seems prudent to forestall any risk by using strlcpy() and similar functions. Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports. In addition, fix a potential null-pointer-dereference crash in contrib/chkpass. The crypt(3) function is defined to return NULL on failure, but chkpass.c didn't check for that before using the result. The main practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). This ideally should've been a separate commit, but since it touches code adjacent to one of the buffer overrun changes, I included it in this commit to avoid last-minute merge issues. This issue was reported by Honza Horak. Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
183 lines
3.9 KiB
C
183 lines
3.9 KiB
C
/*
|
|
* PostgreSQL type definitions for chkpass
|
|
* Written by D'Arcy J.M. Cain
|
|
* darcy@druid.net
|
|
* http://www.druid.net/darcy/
|
|
*
|
|
* contrib/chkpass/chkpass.c
|
|
* best viewed with tabs set to 4
|
|
*/
|
|
|
|
#include "postgres.h"
|
|
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
#ifdef HAVE_CRYPT_H
|
|
#include <crypt.h>
|
|
#endif
|
|
|
|
#include "fmgr.h"
|
|
#include "utils/builtins.h"
|
|
|
|
PG_MODULE_MAGIC;
|
|
|
|
/*
|
|
* This type encrypts it's input unless the first character is a colon.
|
|
* The output is the encrypted form with a leading colon. The output
|
|
* format is designed to allow dump and reload operations to work as
|
|
* expected without doing special tricks.
|
|
*/
|
|
|
|
|
|
/*
|
|
* This is the internal storage format for CHKPASSs.
|
|
* 15 is all I need but add a little buffer
|
|
*/
|
|
|
|
typedef struct chkpass
|
|
{
|
|
char password[16];
|
|
} chkpass;
|
|
|
|
/*
|
|
* Various forward declarations:
|
|
*/
|
|
|
|
Datum chkpass_in(PG_FUNCTION_ARGS);
|
|
Datum chkpass_out(PG_FUNCTION_ARGS);
|
|
Datum chkpass_rout(PG_FUNCTION_ARGS);
|
|
|
|
/* Only equal or not equal make sense */
|
|
Datum chkpass_eq(PG_FUNCTION_ARGS);
|
|
Datum chkpass_ne(PG_FUNCTION_ARGS);
|
|
|
|
|
|
/* This function checks that the password is a good one
|
|
* It's just a placeholder for now */
|
|
static int
|
|
verify_pass(const char *str)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* CHKPASS reader.
|
|
*/
|
|
PG_FUNCTION_INFO_V1(chkpass_in);
|
|
Datum
|
|
chkpass_in(PG_FUNCTION_ARGS)
|
|
{
|
|
char *str = PG_GETARG_CSTRING(0);
|
|
chkpass *result;
|
|
char mysalt[4];
|
|
char *crypt_output;
|
|
static char salt_chars[] =
|
|
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
|
|
/* special case to let us enter encrypted passwords */
|
|
if (*str == ':')
|
|
{
|
|
result = (chkpass *) palloc(sizeof(chkpass));
|
|
strlcpy(result->password, str + 1, 13 + 1);
|
|
PG_RETURN_POINTER(result);
|
|
}
|
|
|
|
if (verify_pass(str) != 0)
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_DATA_EXCEPTION),
|
|
errmsg("password \"%s\" is weak", str)));
|
|
|
|
result = (chkpass *) palloc(sizeof(chkpass));
|
|
|
|
mysalt[0] = salt_chars[random() & 0x3f];
|
|
mysalt[1] = salt_chars[random() & 0x3f];
|
|
mysalt[2] = 0; /* technically the terminator is not necessary
|
|
* but I like to play safe */
|
|
|
|
crypt_output = crypt(str, mysalt);
|
|
if (crypt_output == NULL)
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
errmsg("crypt() failed")));
|
|
|
|
strlcpy(result->password, crypt_output, sizeof(result->password));
|
|
|
|
PG_RETURN_POINTER(result);
|
|
}
|
|
|
|
/*
|
|
* CHKPASS output function.
|
|
* Just like any string but we know it is max 15 (13 plus colon and terminator.)
|
|
*/
|
|
|
|
PG_FUNCTION_INFO_V1(chkpass_out);
|
|
Datum
|
|
chkpass_out(PG_FUNCTION_ARGS)
|
|
{
|
|
chkpass *password = (chkpass *) PG_GETARG_POINTER(0);
|
|
char *result;
|
|
|
|
result = (char *) palloc(16);
|
|
result[0] = ':';
|
|
strcpy(result + 1, password->password);
|
|
|
|
PG_RETURN_CSTRING(result);
|
|
}
|
|
|
|
|
|
/*
|
|
* special output function that doesn't output the colon
|
|
*/
|
|
|
|
PG_FUNCTION_INFO_V1(chkpass_rout);
|
|
Datum
|
|
chkpass_rout(PG_FUNCTION_ARGS)
|
|
{
|
|
chkpass *password = (chkpass *) PG_GETARG_POINTER(0);
|
|
|
|
PG_RETURN_TEXT_P(cstring_to_text(password->password));
|
|
}
|
|
|
|
|
|
/*
|
|
* Boolean tests
|
|
*/
|
|
|
|
PG_FUNCTION_INFO_V1(chkpass_eq);
|
|
Datum
|
|
chkpass_eq(PG_FUNCTION_ARGS)
|
|
{
|
|
chkpass *a1 = (chkpass *) PG_GETARG_POINTER(0);
|
|
text *a2 = PG_GETARG_TEXT_PP(1);
|
|
char str[9];
|
|
char *crypt_output;
|
|
|
|
text_to_cstring_buffer(a2, str, sizeof(str));
|
|
crypt_output = crypt(str, a1->password);
|
|
if (crypt_output == NULL)
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
errmsg("crypt() failed")));
|
|
|
|
PG_RETURN_BOOL(strcmp(a1->password, crypt_output) == 0);
|
|
}
|
|
|
|
PG_FUNCTION_INFO_V1(chkpass_ne);
|
|
Datum
|
|
chkpass_ne(PG_FUNCTION_ARGS)
|
|
{
|
|
chkpass *a1 = (chkpass *) PG_GETARG_POINTER(0);
|
|
text *a2 = PG_GETARG_TEXT_PP(1);
|
|
char str[9];
|
|
char *crypt_output;
|
|
|
|
text_to_cstring_buffer(a2, str, sizeof(str));
|
|
crypt_output = crypt(str, a1->password);
|
|
if (crypt_output == NULL)
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
errmsg("crypt() failed")));
|
|
|
|
PG_RETURN_BOOL(strcmp(a1->password, crypt_output) != 0);
|
|
}
|