summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Lane2007-08-23 16:16:27 +0000
committerTom Lane2007-08-23 16:16:27 +0000
commit10a81b3f2faccd319d671979ff39042778dd6274 (patch)
treecd20a5350a7d3dbd464900217bc4f1ab32a2c52d
parentffaaaf9918fdd1405f196314202fa126ac65c149 (diff)
Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme. Formerly it would try to access res[(unsigned) -1], which resulted in core dumps on 64-bit machines, and was certainly trouble waiting to happen on 32-bit machines (though in at least the known case it was harmless because that byte would be overwritten after return). Per report from Ken Colson; fix by Marko Kreen.
-rw-r--r--contrib/pgcrypto/px.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index ed7e330edc2..bf5057f89b1 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: px.c,v 1.7 2002/03/06 06:09:10 momjian Exp $
+ * $Id: px.c,v 1.7.2.1 2007/08/23 16:16:27 tgl Exp $
*/
#include <postgres.h>
@@ -185,6 +185,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
PX_Cipher *c = cx->cipher;
+ /* decide whether zero-length input is allowed */
+ if (dlen == 0)
+ {
+ /* with padding, empty ciphertext is not allowed */
+ if (cx->padding)
+ return -1;
+
+ /* without padding, report empty result */
+ *rlen = 0;
+ return 0;
+ }
+
bs = px_cipher_block_size(c);
if (bs > 1 && (dlen % bs) != 0)
goto block_error;