pgcrypto: Detect and report too-short crypt() salts.

Noah Misch <noah@leadboat.com>

Commit: 1d812c8b059d0b9b1fba4a459c9876de0f6259b6
Author: Noah Misch <noah@leadboat.com>
Date: 2015-10-05T14:06:29Z
Releases: 9.6.0
pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of
backend memory.  For existing salt-induced error conditions, emit a
message saying as much.  Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288

Files