Re: PostgreSQL 7.3.3 with pgcrypto on FreeBSD 5.1 - Mailing list pgsql-bugs

From Sean Chittenden
Subject Re: PostgreSQL 7.3.3 with pgcrypto on FreeBSD 5.1
Date
Msg-id 20030804005513.GH46887@perrin.int.nxad.com
In response to Re: PostgreSQL 7.3.3 with pgcrypto on FreeBSD 5.1  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: PostgreSQL 7.3.3 with pgcrypto on FreeBSD 5.1  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
> > Try applying the attached patch and seeing if that lets you
> > reproduce the crash.
>
> Hmm.  I get *a* crash, maybe not the same one.  But there's no
> autoconfiguration of this setting in pgcrypto/Makefile, so how would
> anyone be using anything but builtin crypt()?

I patch contrib/pgcrypto/Makefile in FreeBSD's postgresql-devel port
to turn on the use of OpenSSL where applicable.  FreeBSD and
OpenBSD have hardware offloading support for crypto routines, but
offloading (the speedup of crypto handling is measured in orders of
magnitude) only takes place when OpenSSL's lib handles the crypto,
hence the patch.  I'm torn as to what to do; I'll probably
conditionalize that part of the patch behind an #ifdef unless a patch
comes through shortly.  My bet is Pg is smashing OpenSSL's stack when
passing more than 2 chars as a salt.  When passed the right arguments,
pgcrypto works correctly, but it falls on its face when OpenSSL is
handed out-of-bounds data.

More than anything, I think I should submit a quick doc patch to the
README so that people use a DES salt when using a DES-based crypt()
routine and an md5 salt when calling an md5 crypt routine, which is
where the bug submitter triggered this boundary condition.

-sc

--
Sean Chittenden
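
As an added illustration of the salt/algorithm pairing described in the message above (not code from the original post, pgcrypto, or OpenSSL): a C check a caller could run before handing a salt to a DES- or MD5-based crypt() routine. The names `bounded_salt` and `salt_kind` are hypothetical, and the salt shapes assumed are the conventional crypt(3) ones: two characters for traditional DES, `$1$` plus up to eight characters for MD5. Other schemes are rejected.

```c
#include <stddef.h>
#include <string.h>

/* Added example; all names here are hypothetical, not pgcrypto's API. */
enum salt_kind { SALT_INVALID = 0, SALT_DES, SALT_MD5 };

/* Alphabet used by crypt(3) salts and hashes. */
static const char CRYPT64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Length of the leading run of crypt-alphabet characters in s. */
static size_t alpha_run(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0' && strchr(CRYPT64, s[n]) != NULL)
        n++;
    return n;
}

/*
 * Check that salt has the shape `want` expects and copy only the salt
 * part into out, so the crypt routine never sees more than it should.
 * Returns the copied length, or 0 on a mismatch or a too-small buffer.
 */
size_t bounded_salt(enum salt_kind want, const char *salt,
                    char *out, size_t outlen)
{
    size_t n, len;

    if (salt == NULL || out == NULL)
        return 0;
    if (strncmp(salt, "$1$", 3) == 0) {
        /* MD5 form: "$1$" + 1..8 salt chars, then end or '$' + hash. */
        n = alpha_run(salt + 3);
        if (want != SALT_MD5 || n < 1 || n > 8 ||
            (salt[3 + n] != '\0' && salt[3 + n] != '$'))
            return 0;
        len = 3 + n;
    } else {
        /* Traditional DES: a bare 2-char salt, or a stored 13-char hash. */
        n = alpha_run(salt);
        if (want != SALT_DES || salt[n] != '\0' || (n != 2 && n != 13))
            return 0;
        len = 2;
    }
    if (len + 1 > outlen)
        return 0;
    memcpy(out, salt, len);
    out[len] = '\0';
    return len;
}
```

A zero return means the salt should be refused rather than passed on to the crypt routine.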
