pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of backend memory. For existing salt-induced error conditions, emit a message saying as much. Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/4d6752277e792386e54b036aee8f64ee4fa84cf1

Modified Files
--------------
contrib/pgcrypto/crypt-blowfish.c            | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c                 | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out |  9 +++++++++
contrib/pgcrypto/expected/crypt-des.out      |  4 ++++
contrib/pgcrypto/expected/crypt-xdes.out     | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c                  |  2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql      |  9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql           |  4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql          | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)
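
The class of check the commit message describes, as an added example that is not taken from the pgcrypto patch: prove the salt is long enough for its format before reading any fixed offset in it. The function and status names are hypothetical, and the minimum lengths are assumptions drawn from the usual crypt(3) setting formats (2 characters for traditional DES, 9 for '_'-prefixed extended DES, 29 for a "$2?$NN$" Blowfish setting), not from the page.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Status names are hypothetical, chosen for this example. */
enum salt_status { SALT_OK, SALT_TOO_SHORT, SALT_BAD_CHAR, SALT_UNKNOWN };

/* Verify that s[off .. off+n-1] are all in the crypt alphabet [./0-9A-Za-z].
 * The caller must already have proven that the string is that long. */
static enum salt_status check_chars(const char *s, size_t off, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char) s[off + i];
        if (!isalnum(c) && c != '.' && c != '/')
            return SALT_BAD_CHAR;
    }
    return SALT_OK;
}

/* Classify a crypt() setting string and confirm it is long enough for its
 * format before any fixed-offset read. */
enum salt_status check_crypt_salt(const char *salt)
{
    size_t len = strlen(salt);

    if (len == 0)
        return SALT_TOO_SHORT;
    if (salt[0] == '_')     /* extended DES: '_' + 4 count chars + 4 salt chars */
        return len < 9 ? SALT_TOO_SHORT : check_chars(salt, 1, 8);
    if (salt[0] == '$') {   /* Blowfish: "$2?$NN$" + 22 salt chars = 29 */
        if (len >= 4 && (salt[1] != '2' || salt[3] != '$'))
            return SALT_UNKNOWN;    /* some other '$' scheme, not covered here */
        if (len < 29)
            return SALT_TOO_SHORT;
        if (!isdigit((unsigned char) salt[4]) ||
            !isdigit((unsigned char) salt[5]) || salt[6] != '$')
            return SALT_BAD_CHAR;
        return check_chars(salt, 7, 22);
    }
    /* traditional DES: exactly two salt characters are consumed */
    return len < 2 ? SALT_TOO_SHORT : check_chars(salt, 0, 2);
}
```

Returning a distinct status for a short salt lets the caller report the salt as the cause of the failure instead of failing generically.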