Force crypt() salt to be null-terminated.

src/backend/libpq/crypt.c

@@ -9,7 +9,7 @@
  * Dec 17, 1997 - Todd A. Brandys
  *	Orignal Version Completed.
  *
- * $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $
+ * $Id: crypt.c,v 1.36 2001/08/17 03:09:31 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -281,7 +281,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
 	if (isMD5(passwd) && port->auth_method != uaMD5)
 	{
 		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-		 	"Password is stored MD5 encrypted.  "
+			"Password is stored MD5 encrypted.  "
 			"Only pg_hba.conf's MD5 protocol can be used for this user.\n");
 		fputs(PQerrormsg, stderr);
 		pqdebug("%s", PQerrormsg);
@@ -295,8 +295,12 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
 	switch (port->auth_method)
 	{
 		case uaCrypt:
-			crypt_pwd = crypt(passwd, port->cryptSalt);
+		{
+			char salt[3];
+			StrNCpy(salt, port->cryptSalt,3);
+			crypt_pwd = crypt(passwd, salt);
 			break;
+		}
 		case uaMD5:
 			crypt_pwd = palloc(MD5_PASSWD_LEN+1);
 			if (isMD5(passwd))

src/interfaces/libpq/fe-auth.c

@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.51 2001/08/17 02:59:19 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.52 2001/08/17 03:09:31 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -443,8 +443,13 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 	switch (areq)
 	{
 		case AUTH_REQ_CRYPT:
-			crypt_pwd = crypt(password, conn->cryptSalt);
+		{
+			char salt[3];
+
+			StrNCpy(salt, conn->cryptSalt,3);
+			crypt_pwd = crypt(password, salt);
 			break;
+		}
 		case AUTH_REQ_MD5:
 			{
 				char *crypt_pwd2;