From f94c9dbf22119e19af05c09e184fecee2d6adb41 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Thu, 23 Aug 2007 16:15:57 +0000
Subject: [PATCH] Fix combo_decrypt() to throw an error for zero-length input when using a padded encryption scheme. Formerly it would try to access res[(unsigned) -1], which resulted in core dumps on 64-bit machines, and was certainly trouble waiting to happen on 32-bit machines (though in at least the known case it was harmless because that byte would be overwritten after return). Per report from Ken Colson; fix by Marko Kreen.
---
 contrib/pgcrypto/px.c | 15 ++++++++++++++-
 contrib/pgcrypto/px.h | 3 ++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index 0374b1c027..49ebfb8770 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.15 2005/10/15 02:49:06 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.15.4.1 2007/08/23 16:15:57 tgl Exp $
 */
 #include "postgres.h"
@@ -58,6 +58,7 @@ static const struct error_desc px_err_list[] = {
 {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
 {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
 {PXE_NO_RANDOM, "No strong random source"},
+ {PXE_DECRYPT_FAILED, "Decryption failed"},
 {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
 {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
 {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
@@ -279,6 +280,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
 PX_Cipher *c = cx->cipher;
+ /* decide whether zero-length input is allowed */
+ if (dlen == 0)
+ {
+ /* with padding, empty ciphertext is not allowed */
+ if (cx->padding)
+ return PXE_DECRYPT_FAILED;
+
+ /* without padding, report empty result */
+ *rlen = 0;
+ return 0;
+ }
+
 bs = px_cipher_block_size(c);
 if (bs > 1 && (dlen % bs) != 0)
 goto block_error;
diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index bf53ec0e65..ba7d7c1260 100644
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.16 2005/10/15 02:49:06 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.16.4.1 2007/08/23 16:15:57 tgl Exp $
 */
 #ifndef __PX_H
@@ -85,6 +85,7 @@ void px_free(void *p);
 #define PXE_BAD_SALT_ROUNDS -15
 #define PXE_MCRYPT_INTERNAL -16
 #define PXE_NO_RANDOM -17
+#define PXE_DECRYPT_FAILED -18
 #define PXE_MBUF_SHORT_READ -50
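Review bot: In the combo_decrypt hunk of px.c, the comment `/* with padding, empty ciphertext is not allowed */` states the rule but not the memory-safety reason, which only the commit message records. The code after this guard (outside the hunk, so inferred from the message) would index `res[(unsigned) -1]` when `dlen` is 0. I would say so in place, e.g. `/* with padding, empty ciphertext is invalid: pad removal below would index res[(unsigned) -1] */`, so the guard is not later dropped as redundant or merged into the `block_error` path. The diffstat lists only px.c and px.h, so no regression case pins the zero-length behaviour for the padded and unpadded modes; one should accompany this fix. combo_decrypt's body starts and ends outside the hunk.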