Re: crypt function crash on postgresql 9.3.20 and 10

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Francisco Olarte <folarte(at)peoplecall(dot)com>
Cc: Михаил Манерко <asper(at)tagan(dot)ru>, Postgres Bug <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: crypt function crash on postgresql 9.3.20 and 10
Date: 2018-02-02 14:51:07
Message-ID: CAKFQuwba1Ph4LAXqgc0tCY0dkxtAQ7P=rCrMY_CCt6D9r3DW3g@mail.gmail.com
Lists: pgsql-bugs

On Fri, Feb 2, 2018 at 7:38 AM, Francisco Olarte <folarte(at)peoplecall(dot)com>
wrote:

> Seems more like pilot error than a bug....
>
> On Fri, Feb 2, 2018 at 2:11 PM, Михаил Манерко <asper(at)tagan(dot)ru> wrote:
> > If you send an asterisk in the crypt function, the function crashes.
> > example
> >
> > i=# select crypt('123','*');
> > ОШИБКА: invalid salt
> > i=#
>
> It does not crash,

A crash either kills the server or at least drops your connection to the
database. All this did was indicate invalid data (because you didn't use
the API correctly) and put you back at a psql prompt.

> it just rejects your salt as invalid, probably
> because it is ( does not look right to me, but I'm not in the mood for
> fully checking that ).
>

Well "The salt string also tells crypt() which algorithm to use." and
"They use a random value, called the salt" - "*" looks like you are trying to
specify a specific salt value which is not allowed.

>
> TFM states 'Calculates a crypt(3)-style hash of password. When storing
> a new password, you need to use gen_salt() to generate a new salt
> value. To check a password, pass the stored hash value as salt, and
> test whether the result matches the stored value.'
>

Maybe someone could add:

HINT: use gen_salt() to generate the salt

to the code, though the fact that the "salt" argument also accepts a hashed
password as input maybe complicates this.

David J.
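
Added example, not part of the original message or of the PostgreSQL sources: the store-and-verify pattern the quoted documentation describes, next to the call from the report. It assumes the pgcrypto extension is available; the table and column names are hypothetical.

```sql
-- Added example; app_user, login and pw_hash are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TEMP TABLE app_user (
    login   text PRIMARY KEY,
    pw_hash text NOT NULL
);

-- Store: gen_salt() chooses the algorithm ('bf' = Blowfish-based) and
-- produces a fresh random salt; crypt() embeds both in its result.
INSERT INTO app_user (login, pw_hash)
VALUES ('alice', crypt('123', gen_salt('bf', 8)));

-- Verify: pass the stored hash as the salt argument. crypt() reads the
-- algorithm and salt back out of it, so a matching password reproduces
-- the stored value and any other password does not.
SELECT login,
       pw_hash = crypt('123',   pw_hash) AS correct_password_matches,
       pw_hash = crypt('wrong', pw_hash) AS wrong_password_matches
FROM app_user
WHERE login = 'alice';

-- The call from the report: '*' is neither gen_salt() output nor a stored
-- hash, so crypt() raises an error. Trapping it shows that the session
-- stays usable afterwards.
DO $$
BEGIN
    PERFORM crypt('123', '*');
EXCEPTION WHEN OTHERS THEN
    RAISE NOTICE 'crypt() rejected the salt: %', SQLERRM;
END
$$;
```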
