From: | Bernd Helmle <mailings(at)oopsware(dot)de> |
---|---|
To: | Japin Li <japinli(at)hotmail(dot)com> |
Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Modern SHA2- based password hashes for pgcrypto |
Date: | 2025-01-07 17:48:25 |
Message-ID: | 7bde94157f8357a59a9d6de1f74a1b6d7705c5b0.camel@oopsware.de |
Lists: | pgsql-hackers |
On Saturday, 04.01.2025 at 08:19 +0800, Japin Li wrote:
> (gdb) bt
> #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
> #1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
> #2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
> #3 0x00007ba852a4526e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
> #4 0x00007ba852a288ff in __GI_abort () at ./stdlib/abort.c:79
> #5 0x00007ba852a297b6 in __libc_message_impl (fmt=fmt@entry=0x7ba852bce765 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
> #6 0x00007ba852b36c19 in __GI___fortify_fail (msg=msg@entry=0x7ba852bce77d "stack smashing detected") at ./debug/fortify_fail.c:24
> #7 0x00007ba852b37ea4 in __stack_chk_fail () at ./debug/stack_chk_fail.c:24
> #8 0x00007ba853d8cb2e in px_crypt_shacrypt (pw=0x64e191229370 "hello", salt=0x64e191229388 "$5$$6$rounds=10000$/Zg436s2vmTwsoSz", passwd=0x64e1912293d8 "$6$rounds=10000$/Zg436s2vmTwsoSz$TTCnOO7S5pkJHBVJ.oL74WN1Yt0n1RfQOWd60CRb4xtd9q7ChipyZ00jwYZfhDGRRJOoJNOgYKAVGpdmA8qhT1", dstlen=128) at /data/Codes/pg/master/build/../contrib/pgcrypto/crypt-sha.c:546

Thank you very much.

This points to the same area I've investigated and it turned out I
confused length macros for the password salt, leading to the out_buf
buffer in px_crypt_shacrypt() being too small, stupid me.

Attached is a new version of the patch:

- Use correct length for the out_buf result buffer in
  px_crypt_shacrypt()
- Silence a compiler warning in the error goto branch in
  px_crypt_shacrypt()
- Don't accept rounds values lower or larger than supported (previously
  they were silently changed to minimum/maximum).
- Per your suggestions, use CHECK_FOR_INTERRUPTS() during block
  calculation to make it possible to interrupt the code when using large
  values for the rounds option and just rely on the very first three
  bytes when parsing the magic bytes of the salt string.

Please test again.

Bernd

Attachment | Content-Type | Size |
---|---|---|
0001-Add-modern-SHA-2-based-password-hashes-to-pgcrypto-v2.patch | text/x-patch | 32.2 KB |
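
As an added illustration (not code from the attached patch or from pgcrypto), the following is a strict parser for a shacrypt salt string covering two points from the list above: the variant is chosen from the first three bytes only, and an out-of-range rounds value is rejected instead of being clamped. The limits (1000, 999999999, default 5000, 16-byte salt) are taken from the public SHA-crypt specification and are assumed here; all names are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values from the public SHA-crypt specification, not from the patch. */
#define ROUNDS_MIN     1000UL
#define ROUNDS_MAX     999999999UL
#define ROUNDS_DEFAULT 5000UL
#define SALT_MAX       16

enum sha_kind { SHA_BAD = 0, SHA_256 = 5, SHA_512 = 6 };

struct sha_salt {
    enum sha_kind kind;
    unsigned long rounds;
    char salt[SALT_MAX + 1];   /* sized from the same macro used for the copy */
};

/* Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_sha_salt(const char *s, struct sha_salt *out)
{
    size_t n;

    /* Decide the variant from the very first three bytes only. */
    if (strncmp(s, "$5$", 3) == 0) out->kind = SHA_256;
    else if (strncmp(s, "$6$", 3) == 0) out->kind = SHA_512;
    else return -1;
    s += 3;

    out->rounds = ROUNDS_DEFAULT;
    if (strncmp(s, "rounds=", 7) == 0) {
        char *end;
        unsigned long r;

        if (s[7] < '0' || s[7] > '9') return -1;   /* no sign, no blanks */
        errno = 0;
        r = strtoul(s + 7, &end, 10);
        if (errno != 0 || *end != '$') return -1;
        if (r < ROUNDS_MIN || r > ROUNDS_MAX) return -1;  /* reject, never clamp */
        out->rounds = r;
        s = end + 1;
    }

    /* Salt runs to the next '$' or end of string; bound the copy by SALT_MAX. */
    n = strcspn(s, "$");
    if (n > SALT_MAX) n = SALT_MAX;
    memcpy(out->salt, s, n);
    out->salt[n] = '\0';
    return 0;
}
```

With this parser, the salt string from the backtrace is treated as a `$5$` string with an empty salt, because only its leading three bytes select the variant.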