Fix combo_decrypt() to throw an error for zero-length input when using a

padded encryption scheme. Formerly it would try to access res[(unsigned) -1], which resulted in core dumps on 64-bit machines, and was certainly trouble waiting to happen on 32-bit machines (though in at least the known case it was harmless because that byte would be overwritten after return). Per report from Ken Colson; fix by Marko Kreen.
2024-12-09 08:10:09 +08:00 · 2007-08-23 16:16:11 +00:00 · 2007-08-23 16:16:11 +00:00 · fa87632f79
commit fa87632f79
parent c2e2ad7989
1 changed files with 13 additions and 1 deletions
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.9 2004/05/07 00:24:57 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.9.4.1 2007/08/23 16:16:11 tgl Exp $
 */

 #include <postgres.h>
@ -185,6 +185,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,

 	PX_Cipher  *c = cx->cipher;

+	/* decide whether zero-length input is allowed */
+	if (dlen == 0)
+	{
+		/* with padding, empty ciphertext is not allowed */
+		if (cx->padding)
+			return -1;
+		
+		/* without padding, report empty result */
+		*rlen = 0;
+		return 0;
+	}
+
 	bs = px_cipher_block_size(c);
 	if (bs > 1 && (dlen % bs) != 0)
 		goto block_error;