[pgpool-hackers: 303] Re: Tiny patch for crash fix in pg_md5

Tatsuo Ishii ishii at postgresql.org
Sat Jun 29 18:32:19 JST 2013


> While looking at the pgpool-II code I found a potential crash or stack
> smash in the pg_md5 utility.
> The problem is that update_pool_passwd() calls the pg_md5_encrypt()
> function to get the md5 password, and the password format generated by
> the pg_md5_encrypt() function is "md5" followed by 32 hex digits, which
> sums up to 35 characters, while the host variable defined in the
> update_pool_passwd() function to hold this password can contain a
> maximum of 32 characters.
> 
> Please find the attached patch for the fix.

Good catch! Fix committed to master to 3.0-stable tree.

Thanks.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
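
The sizing arithmetic from the quoted report, as an added example that is not pgpool-II's code or the attached patch: the destination is sized from the output format ("md5" + 32 hex digits + NUL = 36 bytes) and the writer refuses a smaller buffer. The names format_md5_passwd, overflow_bytes, sample_digest and demo_buf are hypothetical, the digest bytes are constructed, and the 32-byte capacity is an assumed reading of "maximum 32 characters".

```c
#include <stdio.h>
#include <string.h>

#define MD5_HEX_LEN    32                  /* hex digits in an MD5 digest */
#define MD5_PASSWD_LEN (3 + MD5_HEX_LEN)   /* "md5" prefix + digits = 35  */

/* Hypothetical formatter: writes "md5" + 32 hex digits + NUL into buf,
 * or returns -1 without writing when buf cannot hold all 36 bytes. */
static int format_md5_passwd(const unsigned char digest[16],
                             char *buf, size_t buflen)
{
    static const char hex[] = "0123456789abcdef";
    size_t i;

    if (buflen < MD5_PASSWD_LEN + 1)
        return -1;
    memcpy(buf, "md5", 3);
    for (i = 0; i < 16; i++) {
        buf[3 + 2 * i]     = hex[digest[i] >> 4];
        buf[3 + 2 * i + 1] = hex[digest[i] & 0x0f];
    }
    buf[MD5_PASSWD_LEN] = '\0';
    return 0;
}

/* Bytes an unchecked writer would place past a buffer of this capacity. */
static size_t overflow_bytes(size_t capacity)
{
    size_t need = MD5_PASSWD_LEN + 1;
    return need > capacity ? need - capacity : 0;
}

/* Constructed digest bytes 0x00..0x0f, not a real password hash. */
static const unsigned char sample_digest[16] =
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};

static char demo_buf[MD5_PASSWD_LEN + 1];  /* sized from the format, not 32 */

int main(void)
{
    printf("capacity 32: rc=%d, %zu bytes short\n",
           format_md5_passwd(sample_digest, demo_buf, 32), overflow_bytes(32));
    if (format_md5_passwd(sample_digest, demo_buf, sizeof demo_buf) == 0)
        printf("capacity %zu: %s\n", sizeof demo_buf, demo_buf);
    return 0;
}
```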

