Fix combo_decrypt() to throw an error for zero-length input when using a

padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.

diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index dbea3d7222c979c1dc42aae3bcbaac2a66eeba8d..1a378c0d0911fb8450d677aad795466dce59559c 100644 (file)
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -185,6 +185,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
 
        PX_Cipher  *c = cx->cipher;
 
+       /* decide whether zero-length input is allowed */
+       if (dlen == 0)
+       {
+               /* with padding, empty ciphertext is not allowed */
+               if (cx->padding)
+                       return -1;
+               
+               /* without padding, report empty result */
+               *rlen = 0;
+               return 0;
+       }
+
        bs = px_cipher_block_size(c);
        if (bs > 1 && (dlen % bs) != 0)
                goto block_error;