[pgpool-committers: 1092] pgpool: Fix pg_md5 command crash.

Tatsuo Ishii ishii at postgresql.org
Sat Jun 29 18:31:43 JST 2013

Fix pg_md5 command crash.

Fix contributed by Muhammad Usama(from [pgpool-hackers: 302])

While looking at the pgpool-II code I found a potential crash or stack
smash in pg_md5 utility.
The problem is update_pool_passwd() calls pg_md5_encrypt() function to get
the md5 password, and the password format generated by pg_md5_encrypt()
function is
"md5" followed by 32-hex digits, which sums up to 35 characters while the
host variable defined in update_pool_passwd() function to hold this
password can contain maximum 32 characters.



Modified Files
pg_md5.c |    2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

More information about the pgpool-committers mailing list