[pgpool-hackers: 302] Tiny patch for crash fix in pg_md5
Muhammad Usama
m.usama at gmail.com
Fri Jun 28 22:17:31 JST 2013
Hi
While looking at the pgpool-II code I found a potential crash or stack
smash in pg_md5 utility.
The problem is update_pool_passwd() calls pg_md5_encrypt() function to get
the md5 password, and the password format generated by pg_md5_encrypt()
function is
"md5" followed by 32-hex digits, which sums up to 35 characters while the
host variable defined in update_pool_passwd() function to hold this
password can contain maximum 32 characters.
Please find the attached patch for the fix.
Thanks
Muhammad Usama
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20130628/2cb943ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash_fix_pg_md5.patch
Type: application/octet-stream
Size: 398 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20130628/2cb943ad/attachment.obj>
More information about the pgpool-hackers
mailing list