Commit 80986e85 authored by Tom Lane's avatar Tom Lane

Avoid returning undefined bytes in chkpass_in().

We can't really fix the problem that the result is defined to depend on
random(), so it is still going to fail the "unstable input conversion"
test in parse_type.c.  However, we can at least satify valgrind.  (It
looks like this code used to be valgrind-clean, actually, until somebody
did a careless s/strncpy/strlcpy/g on it.)

In passing, let's just make real sure that chkpass_out doesn't overrun
its output buffer.

No need for backpatch, I think, since this is just to satisfy debugging
tools.

Asif Naeem
parent 33e879c4
......@@ -65,7 +65,7 @@ chkpass_in(PG_FUNCTION_ARGS)
/* special case to let us enter encrypted passwords */
if (*str == ':')
{
result = (chkpass *) palloc(sizeof(chkpass));
result = (chkpass *) palloc0(sizeof(chkpass));
strlcpy(result->password, str + 1, 13 + 1);
PG_RETURN_POINTER(result);
}
......@@ -75,7 +75,7 @@ chkpass_in(PG_FUNCTION_ARGS)
(errcode(ERRCODE_DATA_EXCEPTION),
errmsg("password \"%s\" is weak", str)));
result = (chkpass *) palloc(sizeof(chkpass));
result = (chkpass *) palloc0(sizeof(chkpass));
mysalt[0] = salt_chars[random() & 0x3f];
mysalt[1] = salt_chars[random() & 0x3f];
......@@ -107,7 +107,7 @@ chkpass_out(PG_FUNCTION_ARGS)
result = (char *) palloc(16);
result[0] = ':';
strcpy(result + 1, password->password);
strlcpy(result + 1, password->password, 15);
PG_RETURN_CSTRING(result);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment