0001-Provide-additional-check-to-determine-if-a-password-.patch

text/plain

Filename: 0001-Provide-additional-check-to-determine-if-a-password-.patch
Type: text/plain
Part: 0
Message: Re: Possible to store invalid SCRAM-SHA-256 Passwords

Patch

Format: format-patch
Series: patch 0001
Subject: Provide additional check to determine if a password is a valid MD5 hash.
File+
src/backend/libpq/crypt.c 2 1
src/include/common/md5.h 1 0
From ab205e6fa82081d4b00fa8b67b0f33163f950cc4 Mon Sep 17 00:00:00 2001
From: "Jonathan S. Katz" <jonathan.katz@excoventures.com>
Date: Mon, 22 Apr 2019 19:27:15 -0400
Subject: [PATCH] Provide additional check to determine if a password is a
 valid MD5 hash.

The present check in "get_password_type" only checks if a password contains
the "md5" prefix and is of length MD5_PASSWD_LEN. However, this mean that
there could be invalid md5 characters stored in the digest.

This fix explicitly checks to see if a password prefixed with "md5" actually
contains the valid set of characters that can be used in a MD5 hash.
---
 src/backend/libpq/crypt.c | 3 ++-
 src/include/common/md5.h  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index db19f51c80..5617862243 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -96,7 +96,8 @@ get_password_type(const char *shadow_pass)
 	uint8		stored_key[SCRAM_KEY_LEN];
 	uint8		server_key[SCRAM_KEY_LEN];
 
-	if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN)
+	if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN &&
+				strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3)
 		return PASSWORD_TYPE_MD5;
 	if (strncmp(shadow_pass, "SCRAM-SHA-256$", strlen("SCRAM-SHA-256$")) == 0 &&
 				parse_scram_verifier(shadow_pass, &iterations, &encoded_salt, stored_key, server_key))
diff --git a/src/include/common/md5.h b/src/include/common/md5.h
index cd54c874b1..80b7475f40 100644
--- a/src/include/common/md5.h
+++ b/src/include/common/md5.h
@@ -16,6 +16,7 @@
 #ifndef PG_MD5_H
 #define PG_MD5_H
 
+#define MD5_PASSWD_CHARSET	"0123456789abcdef"
 #define MD5_PASSWD_LEN	35
 
 extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum);
-- 
2.14.3 (Apple Git-98)