From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Jun KAWAI <kwj(at)sa-y(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: md5 authentication bug? |
Date: | 2002-08-16 19:38:21 |
Message-ID: | 200208161938.g7GJcLU04929@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Patch applied by Dave Cramer.
---------------------------------------------------------------------------
Jun KAWAI wrote:
> Hello,
>
> I think I found a MD5 authentication bug in the PostgreSQL JDBC
> driver (PostgreSQL 7.2.1).
>
> In the openConnection() [Connection.java], the MD5 salt is converted
> to type String. And then, MD5Digest.encode() is called with this
> String.
>
> byte[] rst = new byte[4];
> rst[0] = (byte)pg_stream.ReceiveChar();
> rst[1] = (byte)pg_stream.ReceiveChar();
> rst[2] = (byte)pg_stream.ReceiveChar();
> rst[3] = (byte)pg_stream.ReceiveChar();
> salt = new String(rst, 0, 4);
> ...
> byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, salt);
>
> But, it is not guaranteed that any byte[] is convertible to type String.
> So, it should change the MD5Digest.encode method's interface like below.
>
> public static byte[] encode(String user, String password, byte[] salt)
>
> It must not convert the MD5 salt to type String.
>
>
> I wrote an test program as below.
> It is difference between orig_byte and conv_byte.
>
> byte[] orig_byte = new byte[4];
> orig_byte[0] = (byte) 0x36;
> orig_byte[1] = (byte) 0x91;
> orig_byte[2] = (byte) 0xce;
> orig_byte[3] = (byte) 0xb9;
>
> System.out.println(System.getProperty("file.encoding"));
> System.out.println("===");
>
> for (int i = 0; i < orig_byte.length; i++) {
> System.out.println(orig_byte[i]);
> }
> System.out.println("===");
>
> String salt = new String(orig_byte, 0, 4);
> byte[] conv_byte = salt.getBytes();
>
> for (int i = 0; i < conv_byte.length; i++) {
> System.out.println(conv_byte[i]);
> }
>
> Results:
>
> On Linux(x86) / J2SE 1.4.1-beta
>
> ANSI_X3.4-1968
> ===
> 54
> -111
> -50
> -71
> ===
> 54
> 63
> 63
> 63
>
> On Solaris(SPARC) / J2SE 1.3.1_04
>
> eucJP
> ===
> 54
> -111
> -50
> -71
> ===
> 54
> 63
>
>
> Thank you,
>
> Jun Kawai
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Barry Lind | 2002-08-17 00:42:12 | Re: Problem with getBytes and TIME |
Previous Message | Dave Cramer | 2002-08-16 19:35:05 | Re: md5 authentication bug? |