Re: md5 authentication bug?

From: Dave Cramer <Dave(at)micro-automation(dot)net>
To: Jun KAWAI <kwj(at)sa-y(dot)com>
Cc: "pgsql-jdbc(at)postgresql(dot)org" <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: md5 authentication bug?
Date: 2002-08-16 19:35:05
Message-ID: 1029526512.1947.145.camel@inspiron.cramers
Lists: pgsql-jdbc

Patch has been applied,

Thanks,

Dave

On Thu, 2002-08-15 at 14:09, Jun KAWAI wrote:
> > I think I found an MD5 authentication bug in the PostgreSQL JDBC
> > driver (PostgreSQL 7.2.1).
>
> I forgot to attach a diff file.
>
>
> Thank you.
>
> Jun Kawai
> ----
>

> diff -uNr postgresql-7.2.1.orig/src/interfaces/jdbc/org/postgresql/Connection.java postgresql-7.2.1/src/interfaces/jdbc/org/postgresql/Connection.java
> --- postgresql-7.2.1.orig/src/interfaces/jdbc/org/postgresql/Connection.java Tue Dec 11 13:44:23 2001
> +++ postgresql-7.2.1/src/interfaces/jdbc/org/postgresql/Connection.java Tue Aug 13 20:43:24 2002
> @@ -67,6 +67,7 @@
>
> // New for 6.3, salt value for crypt authorisation
> private String salt;
> + private byte[] md5salt = new byte[4];
>
> // These are used to cache oids, PGTypes and SQLTypes
> private static Hashtable sqlTypeCache = new Hashtable(); // oid -> SQLType
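
Review bot: `md5salt` on the added line is an instance field with an eager `new byte[4]`, so every Connection object allocates the buffer and keeps the server's salt for its whole lifetime, even when MD5 authentication is never requested. If the read in the AUTH_REQ_MD5 branch and the `MD5Digest.encode` call sit in the same method, a local array is enough; if the field has to stay, give it a comment like the one above `salt` saying what it holds.
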
> @@ -194,12 +195,11 @@
> // Or get the md5 password salt if there is one
> if (areq == AUTH_REQ_MD5)
> {
> - byte[] rst = new byte[4];
> - rst[0] = (byte)pg_stream.ReceiveChar();
> - rst[1] = (byte)pg_stream.ReceiveChar();
> - rst[2] = (byte)pg_stream.ReceiveChar();
> - rst[3] = (byte)pg_stream.ReceiveChar();
> - salt = new String(rst, 0, 4);
> + md5salt[0] = (byte)pg_stream.ReceiveChar();
> + md5salt[1] = (byte)pg_stream.ReceiveChar();
> + md5salt[2] = (byte)pg_stream.ReceiveChar();
> + md5salt[3] = (byte)pg_stream.ReceiveChar();
> + salt = new String(md5salt, 0, 4);
> DriverManager.println("MD5 salt=" + salt);
> }
>
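
Review bot: `salt = new String(md5salt, 0, 4)` still decodes the four raw bytes with the platform default charset, and it overwrites the `salt` field that the comment in the first hunk describes as the crypt salt. With the digest now computed from `md5salt`, the MD5 path needs the string only for the `DriverManager.println` line, so drop the assignment and print the four bytes as hex instead; that also keeps the debug output readable when the salt is not printable text.
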
> @@ -236,7 +236,7 @@
>
> case AUTH_REQ_MD5:
> DriverManager.println("postgresql: MD5");
> - byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, salt);
> + byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, md5salt);
> pg_stream.SendInteger(5 + digest.length, 4);
> pg_stream.Send(digest);
> pg_stream.SendInteger(0, 1);
> diff -uNr postgresql-7.2.1.orig/src/interfaces/jdbc/org/postgresql/util/MD5Digest.java postgresql-7.2.1/src/interfaces/jdbc/org/postgresql/util/MD5Digest.java
> --- postgresql-7.2.1.orig/src/interfaces/jdbc/org/postgresql/util/MD5Digest.java Mon Nov 26 08:26:59 2001
> +++ postgresql-7.2.1/src/interfaces/jdbc/org/postgresql/util/MD5Digest.java Tue Aug 13 20:40:00 2002
> @@ -21,11 +21,11 @@
> *
> * @param user The connecting user.
> * @param password The connecting user's password.
> - * @param salt A four-character string sent by the server.
> + * @param salt A four-byte salt sent by the server.
> *
> * @return A 35-byte array, comprising the string "md5" and an MD5 digest.
> */
> - public static byte[] encode(String user, String password, String salt)
> + public static byte[] encode(String user, String password, byte[] salt)
> {
> MessageDigest md;
> byte[] temp_digest, pass_digest;
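
Review bot: the `encode` signature changes from `String salt` to `byte[] salt` on a public static method and no String overload is kept, so any caller other than the one updated in Connection.java stops compiling. The Javadoc now promises a four-byte salt but nothing in the visible lines enforces it; consider rejecting a null salt or `salt.length != 4` at the top of the method.
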
> @@ -41,7 +41,7 @@
>
> bytesToHex(temp_digest, hex_digest, 0);
> md.update(hex_digest, 0, 32);
> - md.update(salt.getBytes());
> + md.update(salt);
> pass_digest = md.digest();
>
> bytesToHex(pass_digest, hex_digest, 3);
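
Review bot: `md.update(salt)` hashes the server's bytes directly, where the removed `md.update(salt.getBytes())` went through a String round trip in the platform default charset, which can alter bytes outside the ASCII range. The patch touches only Connection.java and MD5Digest.java and adds no test; a regression test that calls `encode` with a salt containing a byte of 0x80 or above and compares the result with a known digest would pin the fix down.
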
> ----
>
