pgcrypto: Detect and report too-short crypt() salts.

Certain short salts crashed the backend or disclosed a few bytes of
backend memory.  For existing salt-induced error conditions, emit a
message saying as much.  Back-patch to 9.0 (all supported versions).

Josh Kupershmidt

Security: CVE-2015-5288

contrib/pgcrypto/crypt-blowfish.c

@@ -602,6 +602,17 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 	if (size < 7 + 22 + 31 + 1)
 		return NULL;
 
+	/*
+	 * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
+	 * two digit cost parameter, "$", and 22 digits from the alphabet
+	 * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
+	 * more restrictions on the count in the salt as well.
+	 */
+	if (strlen(setting) < 29)
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+				 errmsg("invalid salt")));
+
 	if (setting[0] != '$' ||
 		setting[1] != '2' ||
 		(setting[2] != 'a' && setting[2] != 'x') ||
@@ -611,14 +622,18 @@ _crypt_blowfish_rn(const char *key, const char *setting,
 		(setting[4] == '3' && setting[5] > '1') ||
 		setting[6] != '$')
 	{
-		return NULL;
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+				 errmsg("invalid salt")));
 	}
 
 	count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
 	if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
 	{
 		px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
-		return NULL;
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+				 errmsg("invalid salt")));
 	}
 	BF_swap(data.binary.salt, 4);