Re: md5 authentication bug? - Mailing list pgsql-jdbc

From Bruce Momjian
Subject Re: md5 authentication bug?
Msg-id 200208161938.g7GJcLU04929@candle.pha.pa.us
In response to md5 authentication bug?  (Jun KAWAI <kwj@sa-y.com>)
List pgsql-jdbc
Patch applied by Dave Cramer.

---------------------------------------------------------------------------

Jun KAWAI wrote:
> Hello,
>
> I think I found an MD5 authentication bug in the PostgreSQL JDBC
> driver (PostgreSQL 7.2.1).
>
> In the openConnection() [Connection.java], the MD5 salt is converted
> to type String.  And then, MD5Digest.encode() is called with this
> String.
>
>     byte[] rst = new byte[4];
>     rst[0] = (byte)pg_stream.ReceiveChar();
>     rst[1] = (byte)pg_stream.ReceiveChar();
>     rst[2] = (byte)pg_stream.ReceiveChar();
>     rst[3] = (byte)pg_stream.ReceiveChar();
>     salt = new String(rst, 0, 4);
>     ...
>     byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, salt);
>
> But it is not guaranteed that any byte[] is convertible to type String.
> So, the MD5Digest.encode method's interface should be changed as below.
>
>     public static byte[] encode(String user, String password, byte[] salt)
>
> It must not convert the MD5 salt to type String.
>
>
> I wrote a test program as below.
> There is a difference between orig_byte and conv_byte.
>
>     byte[] orig_byte = new byte[4];
>     orig_byte[0] = (byte) 0x36;
>     orig_byte[1] = (byte) 0x91;
>     orig_byte[2] = (byte) 0xce;
>     orig_byte[3] = (byte) 0xb9;
>
>     System.out.println(System.getProperty("file.encoding"));
>     System.out.println("===");
>
>     for (int i = 0; i < orig_byte.length; i++) {
>       System.out.println(orig_byte[i]);
>     }
>     System.out.println("===");
>
>     String salt = new String(orig_byte, 0, 4);
>     byte[] conv_byte = salt.getBytes();
>
>     for (int i = 0; i < conv_byte.length; i++) {
>       System.out.println(conv_byte[i]);
>     }
>
> Results:
>
>   On Linux(x86) / J2SE 1.4.1-beta
>
>     ANSI_X3.4-1968
>     ===
>     54
>     -111
>     -50
>     -71
>     ===
>     54
>     63
>     63
>     63
>
>   On Solaris(SPARC) / J2SE 1.3.1_04
>
>     eucJP
>     ===
>     54
>     -111
>     -50
>     -71
>     ===
>     54
>     63
>
>
> Thank you,
>
> Jun Kawai

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
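
Added example (not part of the original messages and not the driver's own code): the salt bytes from the report, run through the lossy String round trip and through a byte[]-based `encode`, to show that the two produce different authentication responses. It assumes the PostgreSQL MD5 response format `"md5" + md5hex(md5hex(password + user) + salt)`; the class name `Md5SaltDemo`, the helper `md5Hex`, the credentials and the UTF-8 encoding of user and password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class Md5SaltDemo {
    // Lower-case hex MD5 (as ASCII bytes) of the concatenation of the given arrays.
    static byte[] md5Hex(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        byte[] raw = md.digest();
        byte[] hex = new byte[raw.length * 2];
        final String digits = "0123456789abcdef";
        for (int i = 0; i < raw.length; i++) {
            hex[2 * i] = (byte) digits.charAt((raw[i] >> 4) & 0xf);
            hex[2 * i + 1] = (byte) digits.charAt(raw[i] & 0xf);
        }
        return hex;
    }

    // Byte-safe variant of the signature proposed in the report: the salt
    // is never decoded into a String. Returns the response as text here.
    static String encode(String user, String password, byte[] salt) throws Exception {
        byte[] inner = md5Hex(password.getBytes(StandardCharsets.UTF_8),
                              user.getBytes(StandardCharsets.UTF_8));
        return "md5" + new String(md5Hex(inner, salt), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        // Salt bytes taken from the test program in the report.
        byte[] salt = {(byte) 0x36, (byte) 0x91, (byte) 0xce, (byte) 0xb9};
        // Lossy path: decode and re-encode with US-ASCII, the charset that
        // ANSI_X3.4-1968 names (the Linux default shown in the report).
        byte[] mangled = new String(salt, StandardCharsets.US_ASCII)
                .getBytes(StandardCharsets.US_ASCII);

        System.out.println("salt on the wire : " + Arrays.toString(salt));
        System.out.println("salt after String: " + Arrays.toString(mangled));

        // Constructed credentials, for illustration only.
        String good = encode("alice", "example-password", salt);
        String bad = encode("alice", "example-password", mangled);
        System.out.println("byte[] salt response: " + good);
        System.out.println("String salt response: " + bad);
        System.out.println("responses match: " + good.equals(bad));
    }
}
```

Because the server hashes the salt bytes it actually sent, a client whose default charset cannot represent them computes a response over a different salt and the login fails even with the correct password.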
