diff options
author | Tom Lane | 2007-08-23 16:16:27 +0000 |
---|---|---|
committer | Tom Lane | 2007-08-23 16:16:27 +0000 |
commit | 10a81b3f2faccd319d671979ff39042778dd6274 (patch) | |
tree | cd20a5350a7d3dbd464900217bc4f1ab32a2c52d | |
parent | ffaaaf9918fdd1405f196314202fa126ac65c149 (diff) |
Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme. Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
-rw-r--r-- | contrib/pgcrypto/px.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index ed7e330edc2..bf5057f89b1 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: px.c,v 1.7 2002/03/06 06:09:10 momjian Exp $ + * $Id: px.c,v 1.7.2.1 2007/08/23 16:16:27 tgl Exp $ */ #include <postgres.h> @@ -185,6 +185,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen, PX_Cipher *c = cx->cipher; + /* decide whether zero-length input is allowed */ + if (dlen == 0) + { + /* with padding, empty ciphertext is not allowed */ + if (cx->padding) + return -1; + + /* without padding, report empty result */ + *rlen = 0; + return 0; + } + bs = px_cipher_block_size(c); if (bs > 1 && (dlen % bs) != 0) goto block_error; |