Re: crypt function crash on postgresql 9.3.20 and 10

"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> If you are saying 9.3.2 gives a result and 9.3.20 raises an error I suspect
> the response in 9.3.2 was bogus and giving an error instead of a bogus
> result was deemed the best fix.

A bit of diving in the git history says that behavior changed here:

Author: Noah Misch <noah(at)leadboat(dot)com>
Branch: master Release: REL9_6_BR [1d812c8b0] 2015-10-05 10:06:29 -0400
Branch: REL9_5_STABLE Release: REL9_5_0 [4d6752277] 2015-10-05 10:06:33 -0400
Branch: REL9_4_STABLE Release: REL9_4_5 [4d95419e8] 2015-10-05 10:06:34 -0400
Branch: REL9_3_STABLE Release: REL9_3_10 [cc1210f0a] 2015-10-05 10:06:34 -0400
Branch: REL9_2_STABLE Release: REL9_2_14 [56232f987] 2015-10-05 10:06:35 -0400
Branch: REL9_1_STABLE Release: REL9_1_19 [48f6310bc] 2015-10-05 10:06:35 -0400
Branch: REL9_0_STABLE Release: REL9_0_23 [188e081ef] 2015-10-05 10:06:36 -0400

pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288

The 9.3.10 release notes do contain an entry about this.

regards, tom lane