From ab205e6fa82081d4b00fa8b67b0f33163f950cc4 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Mon, 22 Apr 2019 19:27:15 -0400 Subject: [PATCH] Provide additional check to determine if a password is a valid MD5 hash. The present check in "get_password_type" only checks if a password contains the "md5" prefix and is of length MD5_PASSWD_LEN. However, this mean that there could be invalid md5 characters stored in the digest. This fix explicitly checks to see if a password prefixed with "md5" actually contains the valid set of characters that can be used in a MD5 hash. --- src/backend/libpq/crypt.c | 3 ++- src/include/common/md5.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index db19f51c80..5617862243 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -96,7 +96,8 @@ get_password_type(const char *shadow_pass) uint8 stored_key[SCRAM_KEY_LEN]; uint8 server_key[SCRAM_KEY_LEN]; - if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN) + if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN && + strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3) return PASSWORD_TYPE_MD5; if (strncmp(shadow_pass, "SCRAM-SHA-256$", strlen("SCRAM-SHA-256$")) == 0 && parse_scram_verifier(shadow_pass, &iterations, &encoded_salt, stored_key, server_key)) diff --git a/src/include/common/md5.h b/src/include/common/md5.h index cd54c874b1..80b7475f40 100644 --- a/src/include/common/md5.h +++ b/src/include/common/md5.h @@ -16,6 +16,7 @@ #ifndef PG_MD5_H #define PG_MD5_H +#define MD5_PASSWD_CHARSET "0123456789abcdef" #define MD5_PASSWD_LEN 35 extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum); -- 2.14.3 (Apple Git-98)