Sean Chittenden <[EMAIL PROTECTED]> writes:
> My bet is Pg is smashing OpenSSL's stack when
> passing more than 2 chars as a salt.
I looked at the code a little bit and that doesn't seem to be the case.
On my machine the core dump seems to be because EVP_DigestUpdate is
called with a EVP_MD_CTX t
> > Try applying the attached patch and seeing if that lets you
> > reproduce the crash.
>
> Hmm. I get *a* crash, maybe not the same one. But there's no
> autoconfiguration of this setting in pgcrypto/Makefile, so how would
> anyone be using anything but builtin crypt()?
I patch contrib/pgcryp
Sean Chittenden <[EMAIL PROTECTED]> writes:
> Try applying the attached patch and seeing if that lets you reproduce
> the crash.
Hmm. I get *a* crash, maybe not the same one. But there's no
autoconfiguration of this setting in pgcrypto/Makefile, so how would
anyone be using anything but builtin
> > Possible, but I'm a skeptical of that. FreeBSD's openssl code
> > _should_ be stock (unless someone bungled the import) with the
> > exception of not including Win32 or other non-FreeBSD related
> > bits. crypt() works when salted with only 2 chars, however it
> > shouldn't core with more tha
Sean Chittenden <[EMAIL PROTECTED]> writes:
> Possible, but I'm a skeptical of that. FreeBSD's openssl code
> _should_ be stock (unless someone bungled the import) with the
> exception of not including Win32 or other non-FreeBSD related bits.
> crypt() works when salted with only 2 chars, however
> >> Perhaps the problem is that Marko didn't fix the crypt() code in
> >> the same way?
>
> > Ah, I think that's _very_ likely the case here... -sc
>
> I updated to openssl 0.9.7b on my HPUX machine, and still do not see any
> failure in
>
> regression=# SELECT crypt('lalalal',gen_salt('md5'))
Sean Chittenden <[EMAIL PROTECTED]> writes:
>> Perhaps the problem is that Marko didn't fix the crypt() code in the
>> same way?
> Ah, I think that's _very_ likely the case here... -sc
I updated to openssl 0.9.7b on my HPUX machine, and still do not see any
failure in
regression=# SELECT crypt(
> >> testdb=# SELECT crypt('lalalal',gen_salt('md5'));
> >> server closed the connection unexpectedly
>
> > FWIW, I can confirm this, but I don't think it's a FreeBSD specific
> > problem given that the backend dies inside of an OpenSSL routine.
>
> Works fine here:
>
> regression=# SELECT crypt
> > FWIW, I can confirm this, but I don't think it's a FreeBSD
> > specific problem given that the backend dies inside of an OpenSSL
> > routine.
>
> > #0 0x2864ae9c in EVP_DigestUpdate () from /usr/lib/libcrypto.so.3
> > #1 0x28576a90 in px_find_cipher () from /usr/local/lib/postgresql/pgcrypto
Sean Chittenden <[EMAIL PROTECTED]> writes:
> FWIW, I can confirm this, but I don't think it's a FreeBSD specific
> problem given that the backend dies inside of an OpenSSL routine.
> #0 0x2864ae9c in EVP_DigestUpdate () from /usr/lib/libcrypto.so.3
> #1 0x28576a90 in px_find_cipher () from /usr
Sean Chittenden <[EMAIL PROTECTED]> writes:
>> testdb=# SELECT crypt('lalalal',gen_salt('md5'));
>> server closed the connection unexpectedly
> FWIW, I can confirm this, but I don't think it's a FreeBSD specific
> problem given that the backend dies inside of an OpenSSL routine.
Works fine here:
> Please describe a way to repeat the problem. Please try to provide a
> concise reproducible example, if at all possible:
> --
>
> testdb=# SELECT crypt('lalalal',gen_salt('md5'));
>
> server closed the connection unexp
POSTGRESQL BUG REPORT TEMPLATE
Your name : Alexey Rodin
Your email address : [EMAIL PRO
13 matches
Mail list logo
