Thread: What's wrong

What's wrong

From

ohp@pyrenet.fr

Date:

31 March 2003, 13:02:13

Hi all,

I have a problem with the attached C function sine I went to 7.3
Obviously, post_crypt(text) encrypts a clear password and
sql_crypt(text,text) is supposed to encrypt the clear passwd with the
encrypted value.

It worked fine in 7.2 but now IFAICS, it never gives the original result
and moreover, if I run SELECT sql_crypt('xxx','xxx') several times, it
gives 3 diferent results and loops other those 3 results.

I must have done something wrong but what???

TIA

-- 
Olivier PRENANT             Tel:    +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)

Re: What's wrong

From

Tom Lane

Date:

31 March 2003, 13:24:44

ohp@pyrenet.fr writes:
> It worked fine in 7.2 but now IFAICS, it never gives the original result
> and moreover, if I run SELECT sql_crypt('xxx','xxx') several times, it
> gives 3 diferent results and loops other those 3 results.

I would've expected it to be unreliable under previous versions too.
AFAICS you aren't taking care to ensure that the inputs to crypt()
are null-terminated.
        regards, tom lane

Re: What's wrong

From

ohp@pyrenet.fr

Date:

31 March 2003, 15:01:42

I agree,

But I've been doing this by the book, what should I do then?
On Mon, 31 Mar 2003, Tom Lane wrote:

> Date: Mon, 31 Mar 2003 13:24:42 -0500
> From: Tom Lane <tgl@sss.pgh.pa.us>
> To: ohp@pyrenet.fr
> Cc: pgsql-hackers list <pgsql-hackers@postgresql.org>
> Subject: Re: [HACKERS] What's wrong
>
> ohp@pyrenet.fr writes:
> > It worked fine in 7.2 but now IFAICS, it never gives the original result
> > and moreover, if I run SELECT sql_crypt('xxx','xxx') several times, it
> > gives 3 diferent results and loops other those 3 results.
>
> I would've expected it to be unreliable under previous versions too.
> AFAICS you aren't taking care to ensure that the inputs to crypt()
> are null-terminated.
>
>             regards, tom lane
>

-- 
Olivier PRENANT             Tel:    +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)

Re: What's wrong

From

ohp@pyrenet.fr

Date:

31 March 2003, 15:36:46

Never mind, it seems I found the bug.

May I suggest something in the docs a bit more explicit than it is...

Regards and many_ thanks
On Mon, 31 Mar 2003, Tom Lane wrote:

> Date: Mon, 31 Mar 2003 13:24:42 -0500
> From: Tom Lane <tgl@sss.pgh.pa.us>
> To: ohp@pyrenet.fr
> Cc: pgsql-hackers list <pgsql-hackers@postgresql.org>
> Subject: Re: [HACKERS] What's wrong
>
> ohp@pyrenet.fr writes:
> > It worked fine in 7.2 but now IFAICS, it never gives the original result
> > and moreover, if I run SELECT sql_crypt('xxx','xxx') several times, it
> > gives 3 diferent results and loops other those 3 results.
>
> I would've expected it to be unreliable under previous versions too.
> AFAICS you aren't taking care to ensure that the inputs to crypt()
> are null-terminated.
>
>             regards, tom lane
>

-- 
Olivier PRENANT             Tel:    +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)