[pgpool-committers: 1092] pgpool: Fix pg_md5 command crash.

Tatsuo Ishii ishii at postgresql.org
Sat Jun 29 18:31:43 JST 2013


Fix pg_md5 command crash.

Fix contributed by Muhammad Usama(from [pgpool-hackers: 302])

While looking at the pgpool-II code I found a potential crash or stack
smash in pg_md5 utility.
The problem is update_pool_passwd() calls pg_md5_encrypt() function to get
the md5 password, and the password format generated by pg_md5_encrypt()
function is
"md5" followed by 32-hex digits, which sums up to 35 characters while the
host variable defined in update_pool_passwd() function to hold this
password can contain maximum 32 characters.

Branch
------
V3_0_STABLE

Details
-------
http://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=00545f8cb887ab629dde4b53e257423bd4b1a43b

Modified Files
--------------
pg_md5.c |    2 +-
1 file changed, 1 insertion(+), 1 deletion(-)



More information about the pgpool-committers mailing list