
postgresql-8.1.23-10.el5_10.src.rpm

Back-ported upstream patch for CVE-2012-2143: incorrect password
transformation in contrib/pgcrypto's DES crypt().


diff -Naur postgresql-8.1.23.orig/contrib/pgcrypto/crypt-des.c postgresql-8.1.23/contrib/pgcrypto/crypt-des.c
--- postgresql-8.1.23.orig/contrib/pgcrypto/crypt-des.c	2010-12-13 22:52:30.000000000 -0500
+++ postgresql-8.1.23/contrib/pgcrypto/crypt-des.c	2012-06-12 19:47:22.306408037 -0400
@@ -666,7 +666,8 @@
 	q = (uint8 *) keybuf;
 	while (q - (uint8 *) keybuf - 8)
 	{
-		if ((*q++ = *key << 1))
+		*q++ = *key << 1;
+		if (*key != '\0')
 			key++;
 	}
 	if (des_setkey((char *) keybuf))
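Review bot: The added test `if (*key != '\0')` has no comment explaining why it checks the input byte rather than the byte just stored, so the two-line form reads like a candidate for folding back into the old one-liner. Because `q` is a `uint8 *`, a key byte of 0x80 shifted left by one is stored as zero, so the old condition stopped advancing `key` there and the rest of the password dropped out of the DES key. I would add `/* test the input byte: 0x80 << 1 stores as 0 and must not end the key */` above the `if`. Hashes produced by the unpatched code for such passwords will presumably stop verifying after this change, which is worth stating in the patch description. The enclosing function starts and ends outside the hunk, so the declared type of `key` is not visible here.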