pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of backend memory. For existing salt-induced error conditions, emit a message saying as much. Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288

Branch
------
REL9_0_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/188e081ef891d8590d2675b44331b8c450f616c4

Modified Files
--------------
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)