projects / users / bernd / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 96462c3)
Fix combo_decrypt() to throw an error for zero-length input when using a
authorTom Lane <[email protected]>
Thu, 23 Aug 2007 16:16:05 +0000 (16:16 +0000)
committerTom Lane <[email protected]>
Thu, 23 Aug 2007 16:16:05 +0000 (16:16 +0000)
padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.

contrib/pgcrypto/px.c patch | blob | blame | history
contrib/pgcrypto/px.h patch | blob | blame | history

diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index e866959daabc1138460da7ed0913b65f5a88fa35..a1930b10c4c96b86c338ea15cc1625201f764a7b 100644 (file)
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -58,6 +58,7 @@ static const struct error_desc px_err_list[] = {
        {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
        {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
        {PXE_NO_RANDOM, "No strong random source"},
+       {PXE_DECRYPT_FAILED, "Decryption failed"},
        {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
        {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
        {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
@@ -279,6 +280,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
 
        PX_Cipher  *c = cx->cipher;
 
+       /* decide whether zero-length input is allowed */
+       if (dlen == 0)
+       {
+               /* with padding, empty ciphertext is not allowed */
+               if (cx->padding)
+                       return PXE_DECRYPT_FAILED;
+               
+               /* without padding, report empty result */
+               *rlen = 0;
+               return 0;
+       }
+
        bs = px_cipher_block_size(c);
        if (bs > 1 && (dlen % bs) != 0)
                goto block_error;
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index 1ef3813ae3986320add0d596e0d0ee397f558834..2d7bd9ec36556333970c7b81e3027c9988eebe01 100644 (file)
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -85,6 +85,7 @@ void          px_free(void *p);
 #define PXE_BAD_SALT_ROUNDS                    -15
 #define PXE_MCRYPT_INTERNAL                    -16
 #define PXE_NO_RANDOM                          -17
+#define PXE_DECRYPT_FAILED                     -18
 
 #define PXE_MBUF_SHORT_READ                    -50
 
Bernd Helmle's repository