Fix pg_md5 command crash.

Fix contributed by Muhammad Usama(from [pgpool-hackers: 302])

While looking at the pgpool-II code I found a potential crash or stack
smash in pg_md5 utility.
The problem is update_pool_passwd() calls pg_md5_encrypt() function to get
the md5 password, and the password format generated by pg_md5_encrypt()
function is
"md5" followed by 32-hex digits, which sums up to 35 characters while the
host variable defined in update_pool_passwd() function to hold this
password can contain maximum 32 characters.

diff --git a/pg_md5.c b/pg_md5.c
index c996bda45c9e44e7bcf33fc285779bd00c48eb3f..46938389acc09fef5abee3440a7265d2c68dbd02 100644 (file)
--- a/pg_md5.c
+++ b/pg_md5.c
@@ -191,7 +191,7 @@ main(int argc, char *argv[])
 static void update_pool_passwd(char *conf_file, char *username, char *password)
 {
        struct passwd *pw;
-       char     md5[MD5_PASSWD_LEN+1];
+       char     md5[POOL_PASSWD_LEN+1];
        char pool_passwd[POOLMAXPATHLEN+1];
        char dirnamebuf[POOLMAXPATHLEN+1];
        char *dirp;