Re: md5 authentication bug?

From:         Bruce Momjian
Subject:      Re: md5 authentication bug?
Date:
Msg-id:       200208161938.g7GJcLU04929@candle.pha.pa.us
In reply to:  md5 authentication bug? (Jun KAWAI <kwj@sa-y.com>)
List:         pgsql-jdbc
Patch applied by Dave Cramer.

---------------------------------------------------------------------------

Jun KAWAI wrote:
> Hello,
>
> I think I found an MD5 authentication bug in the PostgreSQL JDBC
> driver (PostgreSQL 7.2.1).
>
> In the openConnection() [Connection.java], the MD5 salt is converted
> to type String. And then, MD5Digest.encode() is called with this
> String.
>
>     byte[] rst = new byte[4];
>     rst[0] = (byte)pg_stream.ReceiveChar();
>     rst[1] = (byte)pg_stream.ReceiveChar();
>     rst[2] = (byte)pg_stream.ReceiveChar();
>     rst[3] = (byte)pg_stream.ReceiveChar();
>     salt = new String(rst, 0, 4);
>     ...
>     byte[] digest = MD5Digest.encode(PG_USER, PG_PASSWORD, salt);
>
> But, it is not guaranteed that any byte[] is convertible to type String.
> So, it should change the MD5Digest.encode method's interface like below.
>
>     public static byte[] encode(String user, String password, byte[] salt)
>
> It must not convert the MD5 salt to type String.
>
>
> I wrote a test program as below.
> It shows the difference between orig_byte and conv_byte.
>
>     byte[] orig_byte = new byte[4];
>     orig_byte[0] = (byte) 0x36;
>     orig_byte[1] = (byte) 0x91;
>     orig_byte[2] = (byte) 0xce;
>     orig_byte[3] = (byte) 0xb9;
>
>     System.out.println(System.getProperty("file.encoding"));
>     System.out.println("===");
>
>     for (int i = 0; i < orig_byte.length; i++) {
>         System.out.println(orig_byte[i]);
>     }
>     System.out.println("===");
>
>     String salt = new String(orig_byte, 0, 4);
>     byte[] conv_byte = salt.getBytes();
>
>     for (int i = 0; i < conv_byte.length; i++) {
>         System.out.println(conv_byte[i]);
>     }
>
> Results:
>
> On Linux(x86) / J2SE 1.4.1-beta
>
>     ANSI_X3.4-1968
>     ===
>     54
>     -111
>     -50
>     -71
>     ===
>     54
>     63
>     63
>     63
>
> On Solaris(SPARC) / J2SE 1.3.1_04
>
>     eucJP
>     ===
>     54
>     -111
>     -50
>     -71
>     ===
>     54
>     63
>
>
> Thank you,
>
> Jun Kawai

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
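The failure mode in the report, as an added example that is not part of the thread and not the JDBC driver's code. It models the byte[] -> String -> byte[] round trip with Python's ASCII codec (errors="replace"), which gives the same 54, 63, 63, 63 result as the ANSI_X3.4-1968 run above, and then computes the PostgreSQL MD5 password response over the raw salt and over the corrupted one. The response formula, "md5" + hex(md5(hex(md5(password + user)) + salt)), is taken from the PostgreSQL frontend/backend protocol, not from the page; the user name, password and salt values are constructed test inputs, and the function names are this example's own.

```python
import hashlib

# Salt bytes from the test program in the report (constructed here from those values).
SALT = bytes([0x36, 0x91, 0xCE, 0xB9])


def md5_auth_response(user: str, password: str, salt: bytes) -> str:
    """PostgreSQL MD5 password response (per the wire protocol, assumed here):
    "md5" + hex(md5(hex(md5(password + user)) + salt)).

    The four salt bytes are hashed exactly as received from the server; they
    are never decoded into text, so no platform charset can alter them.
    """
    inner = hashlib.md5(password.encode("utf-8") + user.encode("utf-8")).hexdigest()
    outer = hashlib.md5(inner.encode("ascii") + salt).hexdigest()
    return "md5" + outer


def salt_via_string_roundtrip(salt: bytes, encoding: str = "ascii") -> bytes:
    """Model of the driver bug: new String(rst, 0, 4) followed by getBytes().

    Decoding with the platform charset replaces undecodable bytes with U+FFFD,
    and encoding replaces U+FFFD with '?', so under an ASCII locale every byte
    >= 0x80 comes back as 0x3F. Multi-byte charsets can also change the length
    (the eucJP run in the report returned two bytes for a four-byte salt).
    """
    text = salt.decode(encoding, errors="replace")
    return text.encode(encoding, errors="replace")


def buggy_md5_auth_response(user: str, password: str, salt: bytes,
                            encoding: str = "ascii") -> str:
    """What a driver that routes the salt through a String sends: the server
    hashes with the real salt, so this response fails authentication whenever
    the round trip changed any byte."""
    return md5_auth_response(user, password, salt_via_string_roundtrip(salt, encoding))


def salt_survives_roundtrip(salt: bytes, encoding: str = "ascii") -> bool:
    """True only when every salt byte is representable in the charset, i.e.
    when the buggy and correct responses happen to agree. Assuming uniformly
    random salt bytes, a salt with no byte >= 0x80 is the exception, which is
    why the bug shows up as intermittent login failures rather than a constant one."""
    return salt_via_string_roundtrip(salt, encoding) == salt


if __name__ == "__main__":
    print("raw salt        :", list(SALT))
    print("after String()  :", list(salt_via_string_roundtrip(SALT)))
    print("correct response:", md5_auth_response("pguser", "secret", SALT))
    print("buggy response  :", buggy_md5_auth_response("pguser", "secret", SALT))
    print("ASCII-only salt survives:", salt_survives_roundtrip(b"abcd"))
```

The proposed fix in the report, changing MD5Digest.encode to take byte[] salt, corresponds to md5_auth_response above: the salt goes straight into the hash as bytes. The check worth keeping in a driver test suite is salt_survives_roundtrip on a salt containing high bytes; any text detour that fails it will produce a wrong response for most real salts.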