Re: Patch for 1-byte buffer overflow in libpq PQencryptPassword

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: ljb <ljb1813(at)pobox(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Patch for 1-byte buffer overflow in libpq PQencryptPassword
Date: 2009-09-15 00:44:21
Message-ID: 23416.1252975461@sss.pgh.pa.us
Lists: pgsql-hackers

ljb <ljb1813(at)pobox(dot)com> writes:
> Two possible suggested fixes to src/backend/libpq/md5.c, pg_md5_crypt():
> 1) Allocate crypt_buf to (passwd_len + 1 + salt_len)
> 2) Use memcpy(crypt_buf, passwd, passwd_len) not strcpy(crypt_buf, passwd).

> I like fix #2 better, although fix #1 avoids a weirdness with
> PQencryptPassword("","") calling malloc(0) with platform-dependent
> results (which was the problem I was chasing with pgtclng).

Hmm ... I'm inclined to do both. I agree that the memcpy coding is
cleaner than strcpy when we don't actually care about adding a trailing
null. But malloc(0) is unportable and best avoided.

regards, tom lane
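The buffer handling this thread is about, modelled as an added example that is not PostgreSQL's md5.c and not code from either poster: it applies both suggested fixes (allocate passwd_len + 1 + salt_len, and copy the password with memcpy rather than strcpy). The MD5 hashing step is left out and the function names are assumed.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Scratch buffer size for "passwd || salt".  The original sizing was
 * passwd_len + salt_len, but strcpy() writes passwd_len + 1 bytes (it
 * appends a NUL), so the NUL landed one byte past the allocation.  The
 * extra byte also means we never call malloc(0), whose result is
 * platform-dependent. */
static size_t crypt_buf_bytes(size_t passwd_len, size_t salt_len)
{
    return passwd_len + 1 + salt_len;
}

/* Build the bytes that would be fed to MD5: the password followed by
 * the salt.  Returns a malloc'd buffer and stores the byte count in
 * *out_len, or NULL on allocation failure.  The buffer is not a
 * NUL-terminated string; callers must rely on *out_len, not strlen(). */
char *build_md5_input(const char *passwd, const char *salt,
                      size_t salt_len, size_t *out_len)
{
    size_t passwd_len = strlen(passwd);
    char *crypt_buf = malloc(crypt_buf_bytes(passwd_len, salt_len));
    if (crypt_buf == NULL)
        return NULL;
    /* memcpy copies exactly passwd_len bytes and writes no trailing NUL,
     * so the salt can follow immediately without any overrun. */
    memcpy(crypt_buf, passwd, passwd_len);
    memcpy(crypt_buf + passwd_len, salt, salt_len);
    *out_len = passwd_len + salt_len;
    return crypt_buf;
}

/* Helper for checking: 1 if build_md5_input() yields exactly the
 * expected bytes (compared by length, not as a C string), else 0. */
int md5_input_equals(const char *passwd, const char *salt, size_t salt_len,
                     const char *expected, size_t expected_len)
{
    size_t len = 0;
    char *buf = build_md5_input(passwd, salt, salt_len, &len);
    int ok = buf != NULL && len == expected_len &&
             memcmp(buf, expected, expected_len) == 0;
    free(buf);
    return ok;
}

int main(void)
{
    size_t len = 0;
    char *buf = build_md5_input("secret", "alice", 5, &len);
    if (buf == NULL)
        return 1;
    printf("%zu bytes: %.*s\n", len, (int) len, buf);
    free(buf);
    return 0;
}
```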
