From: Tatsuo Ishii <ishii@postgresql.org>
Date: Sat, 29 Jun 2013 09:21:33 +0000 (+0900)
Subject: Fix pg_md5 command crash.
X-Git-Tag: V3_1_8~4^2
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=2db2a9661cca20721343105b13a586ee2f121a75;p=pgpool2.git

Fix pg_md5 command crash.

Fix contributed by Muhammad Usama(from [pgpool-hackers: 302])

While looking at the pgpool-II code I found a potential crash or stack
smash in pg_md5 utility.
The problem is update_pool_passwd() calls pg_md5_encrypt() function to get
the md5 password, and the password format generated by pg_md5_encrypt()
function is
"md5" followed by 32-hex digits, which sums up to 35 characters while the
host variable defined in update_pool_passwd() function to hold this
password can contain maximum 32 characters.
---

diff --git a/pg_md5.c b/pg_md5.c
index c996bda45..46938389a 100644
--- a/pg_md5.c
+++ b/pg_md5.c
@@ -191,7 +191,7 @@ main(int argc, char *argv[])
 static void update_pool_passwd(char *conf_file, char *username, char *password)
 {
 	struct passwd *pw;
-	char	 md5[MD5_PASSWD_LEN+1];
+	char	 md5[POOL_PASSWD_LEN+1];
 	char pool_passwd[POOLMAXPATHLEN+1];
 	char dirnamebuf[POOLMAXPATHLEN+1];
 	char *dirp;