Fix possible buffer overrun and/or unportable behavior in pg_md5_encrypt()
Tom Lane <tgl@sss.pgh.pa.us>
Fix possible buffer overrun and/or unportable behavior in pg_md5_encrypt() if salt_len == 0. This seems to be mostly academic, since nearly all calling code paths guarantee nonempty salt; the only case that doesn't is PQencryptPassword where the caller could mistakenly pass an empty username. So, fix it but don't bother backpatching. Per ljb.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/libpq/md5.c | modified | +4 −3 |