aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/crypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/libpq/crypt.c')
-rw-r--r--src/backend/libpq/crypt.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index d79f5a24968..9cd7f787cc3 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -74,12 +74,37 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass,
ReleaseSysCache(roleTup);
+ /*
+ * Don't allow an empty password. Libpq treats an empty password the same
+ * as no password at all, and won't even try to authenticate. But other
+ * clients might, so allowing it would be confusing.
+ *
+ * For a plaintext password, we can simply check that it's not an empty
+ * string. For an encrypted password, check that it does not match the MD5
+ * hash of an empty string.
+ */
if (*shadow_pass == '\0')
{
*logdetail = psprintf(_("User \"%s\" has an empty password."),
role);
return STATUS_ERROR; /* empty password */
}
+ if (isMD5(shadow_pass))
+ {
+ char crypt_empty[MD5_PASSWD_LEN + 1];
+
+ if (!pg_md5_encrypt("",
+ port->user_name,
+ strlen(port->user_name),
+ crypt_empty))
+ return STATUS_ERROR;
+ if (strcmp(shadow_pass, crypt_empty) == 0)
+ {
+ *logdetail = psprintf(_("User \"%s\" has an empty password."),
+ role);
+ return STATUS_ERROR; /* empty password */
+ }
+ }
/*
* Compare with the encrypted or plain password depending on the
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 03:19:14 +0000