From: Jun KAWAI <kwj(at)sa-y(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: md5 authentication bug?
Date: 2002-08-14 06:48:44
Message-ID: 20020814064844.GA4994%kwj@sa-y.com
Lists: pgsql-jdbc
Hello,
I think I found an MD5 authentication bug in the PostgreSQL JDBC
driver (PostgreSQL 7.2.1).
In the openConnection() [Connection.java], the MD5 salt is converted
to type String. And then, MD5Digest.encode() is called with this
String.
byte[] rst = new byte[4];
rst[0] = (byte)pg_stream.ReceiveChar();
rst[1] = (byte)pg_stream.ReceiveChar();
rst[2] = (byte)pg_stream.ReceiveChar();
rst[3] = (byte)pg_stream.ReceiveChar();
salt = new String(rst, 0, 4);
...
byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, salt);
But it is not guaranteed that any byte[] is convertible to type String.
So the MD5Digest.encode method's interface should be changed as below.
public static byte[] encode(String user, String password, byte[] salt)
It must not convert the MD5 salt to type String.
I wrote a test program as below.
It shows the difference between orig_byte and conv_byte.
    public class SaltTest {
        public static void main(String[] args) {
            // The four salt bytes; 0x91, 0xce and 0xb9 are outside 7-bit ASCII.
            byte[] orig_byte = new byte[4];
            orig_byte[0] = (byte) 0x36;
            orig_byte[1] = (byte) 0x91;
            orig_byte[2] = (byte) 0xce;
            orig_byte[3] = (byte) 0xb9;
            // The platform default charset used by new String(byte[]) and getBytes().
            System.out.println(System.getProperty("file.encoding"));
            System.out.println("===");
            for (int i = 0; i < orig_byte.length; i++) {
                System.out.println(orig_byte[i]);
            }
            System.out.println("===");
            // The same conversion Connection.java does, then back to bytes.
            String salt = new String(orig_byte, 0, 4);
            byte[] conv_byte = salt.getBytes();
            for (int i = 0; i < conv_byte.length; i++) {
                System.out.println(conv_byte[i]);
            }
        }
    }
Results:
On Linux(x86) / J2SE 1.4.1-beta
ANSI_X3.4-1968
===
54
-111
-50
-71
===
54
63
63
63
On Solaris(SPARC) / J2SE 1.3.1_04
eucJP
===
54
-111
-50
-71
===
54
63
Thank you,
Jun Kawai
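The following is an added example that is not part of the mail or of the JDBC driver's code. It computes the PostgreSQL md5 password response ("md5" + hex(md5(hex(md5(password + user)) + salt))) with the salt handled as raw bytes, as the mail proposes, and then recomputes it after sending the same salt through a String round trip in several charsets, the conversion Connection.java performs with the platform default. The user name, password and salt value are constructed for the demonstration (the salt is the one from the mail); the example assumes Java 7 or later for java.nio.charset.StandardCharsets.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5SaltRoundTrip {

    // Lower-case hex encoding, as used in PostgreSQL md5 password strings.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(Character.forDigit((b >> 4) & 0xf, 16));
            sb.append(Character.forDigit(b & 0xf, 16));
        }
        return sb.toString();
    }

    static byte[] md5(byte[] input) {
        try {
            return MessageDigest.getInstance("MD5").digest(input);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = new byte[a.length + b.length];
        System.arraycopy(a, 0, out, 0, a.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    // PostgreSQL md5 response: "md5" + hex(md5(hex(md5(password + user)) + salt)).
    // The salt stays a byte[] end to end, which is the interface the mail proposes.
    static String encode(String user, String password, byte[] salt) {
        byte[] inner = md5((password + user).getBytes(StandardCharsets.US_ASCII));
        byte[] outer = md5(concat(hex(inner).getBytes(StandardCharsets.US_ASCII), salt));
        return "md5" + hex(outer);
    }

    // The driver's conversion made explicit: byte[] -> String -> byte[] via one charset.
    // Any byte the charset cannot represent comes back as a replacement character.
    static byte[] roundTrip(byte[] salt, Charset cs) {
        return new String(salt, cs).getBytes(cs);
    }

    public static void main(String[] args) {
        // Salt from the mail: three of the four bytes are non-ASCII.
        byte[] salt = { (byte) 0x36, (byte) 0x91, (byte) 0xce, (byte) 0xb9 };
        String user = "testuser";     // constructed value
        String password = "secret";   // constructed value

        String direct = encode(user, password, salt);
        System.out.println("salt as byte[]          : " + hex(salt) + " -> " + direct);

        Charset[] charsets = { StandardCharsets.US_ASCII, StandardCharsets.UTF_8,
                               StandardCharsets.ISO_8859_1, Charset.defaultCharset() };
        for (Charset cs : charsets) {
            byte[] rt = roundTrip(salt, cs);
            String viaString = encode(user, password, rt);
            System.out.println(String.format("via String (%-11s): %s -> %s %s",
                cs.name(), hex(rt), viaString,
                viaString.equals(direct) ? "OK" : "MISMATCH, server rejects the login"));
        }
    }
}
```

Only a charset that maps every byte value to exactly one character (ISO-8859-1 here) reproduces the original salt; US-ASCII and UTF-8 replace the high bytes with '?' (0x3f, the 63 printed by the mail's test program), so the response digest no longer matches what the server computes from the salt it actually sent. Keeping the salt as byte[] removes the dependency on file.encoding altogether.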