upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-04-22 06:37:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
42101 commits 38 branches 679 tags 844 MiB
Commit graph

16 commits

Author SHA1 Message Date
Michael Paquier
af298f00a1 Fix detection of passwords hashed with MD5 
This commit fixes an issue related to the way password verifiers hashed
with MD5 are detected, leading to possibly detect that plain passwords
are legit MD5 hashes.  A MD5-hashed entry was checked based on if its
header uses "md5" and if the string length matches what is expected.
Unfortunately the code never checked if the hash only used hexadecimal
characters after the three-character prefix.

Fix 9.6 down to 9.4, where this code is present.  This area of the code
has changed in 10 and upwards with the introduction of SCRAM, which led
to a different fix committed as of ccae190.

Reported-by: Tom Lane
Author: Michael Paquier
Reviewed-by: Jonathan Katz
Discussion: https://postgr.es/m/016deb6b-1f0a-8e9f-1833-a8675b170aa9@postgresql.org
Backpatch-through: 9.4
 2019-04-24 09:05:25 +09:00
Bruce Momjian
ee94300446 Update copyright for 2016 
Backpatch certain files through 9.1
 2016-01-02 13:33:40 -05:00
Bruce Momjian
4baaf863ec Update copyright for 2015 
Backpatch certain files through 9.0
 2015-01-06 11:43:47 -05:00
Bruce Momjian
7e04792a1c Update copyright for 2014 
Update all files in head, and files COPYRIGHT and legal.sgml in all back
branches.
 2014-01-07 16:05:30 -05:00
Bruce Momjian
bd61a623ac Update copyrights for 2013 
Fully update git head, and update back branches in ./COPYRIGHT and
legal.sgml files.
 2013-01-01 17:15:01 -05:00
Bruce Momjian
e126958c2e Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
Bruce Momjian
5d950e3b0c Stamp copyrights for year 2011. 2011-01-01 13:18:15 -05:00
Magnus Hagander
9f2e211386 Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
Magnus Hagander
b3daac5a9c Add support for RADIUS authentication. 2010-01-27 12:12:00 +00:00
Bruce Momjian
0239800893 Update copyright for the year 2010. 2010-01-02 16:58:17 +00:00
Bruce Momjian
511db38ace Update copyright for 2009. 2009-01-01 17:24:05 +00:00
Bruce Momjian
9098ab9e32 Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
Bruce Momjian
29dccf5fe0 Update CVS HEAD for 2007 copyright. Back branches are typically not 
back-stamped for this.
 2007-01-05 22:20:05 +00:00
Tom Lane
47a37aeebd Split definitions for md5.c out of crypt.h and into their own header 
libpq/md5.h, so that there's a clear separation between backend-only
definitions and shared frontend/backend definitions.  (Turns out this
is reversing a bad decision from some years ago...)  Fix up references
to crypt.h as needed.  I looked into moving the code into src/port, but
the headers in src/include/libpq are sufficiently intertwined that it
seems more work than it's worth to do that.
 2006-06-20 19:56:52 +00:00
Bruce Momjian
d4fb1b2388 Move md5.h contents to crypt.h. 2001-08-15 21:08:21 +00:00
Bruce Momjian
957613be18 Add new files. 2001-08-15 18:42:55 +00:00