From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Michael <asper(at)tagan(dot)ru>, Rainer Pruy <Rainer(dot)Pruy(at)acrys(dot)com>, Pavan Teja <pavan(dot)postgresdba(at)gmail(dot)com>, Mike Porter <mike(at)udel(dot)edu>, Postgres Bug <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: crypt function crash on postgresql 9.3.20 and 10 |
Date: | 2018-02-02 23:38:11 |
Message-ID: | 2008.1517614691@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> If you are saying 9.3.2 gives a result and 9.3.20 raises an error I suspect
> the response in 9.3.2 was bogus and giving an error instead of a bogus
> result was deemed the best fix.
A bit of diving in the git history says that behavior changed here:
Author: Noah Misch <noah(at)leadboat(dot)com>
Branch: master Release: REL9_6_BR [1d812c8b0] 2015-10-05 10:06:29 -0400
Branch: REL9_5_STABLE Release: REL9_5_0 [4d6752277] 2015-10-05 10:06:33 -0400
Branch: REL9_4_STABLE Release: REL9_4_5 [4d95419e8] 2015-10-05 10:06:34 -0400
Branch: REL9_3_STABLE Release: REL9_3_10 [cc1210f0a] 2015-10-05 10:06:34 -0400
Branch: REL9_2_STABLE Release: REL9_2_14 [56232f987] 2015-10-05 10:06:35 -0400
Branch: REL9_1_STABLE Release: REL9_1_19 [48f6310bc] 2015-10-05 10:06:35 -0400
Branch: REL9_0_STABLE Release: REL9_0_23 [188e081ef] 2015-10-05 10:06:36 -0400
pgcrypto: Detect and report too-short crypt() salts.
Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
The 9.3.10 release notes do contain an entry about this.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | PG Bug reporting form | 2018-02-03 01:02:21 | BUG #15046: non-greedy ignored |
Previous Message | Jeff Janes | 2018-02-02 23:33:13 | Re: BUG #15045: Partitioning not working as intended |