On 8/23/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Ken Colson" <ken(dot)colson(at)sage(dot)com> writes:
> > this statement:
> > select decrypt(''::bytea,'password','bf')
> > causes the postgresql backend to crash:
> > This seems to be a 64bit problem.
> Reproduced here in HEAD. The problem is here:
> 293 pad = res[*rlen - 1];
> The problem clearly is that combo_decrypt()'s depadding code fails to
> consider the possibility of a zero-length input, but I'm not entirely
> sure how far up the food chain we ought to fix it --- perhaps
> pg_decrypt() should not have bothered to light up the decryptor at all?
The fix should be in combo_decrypt() because other code
should not need to guess whether zero-length input is
allowed or not.
> Also, what other pgcrypto routines might have similar bugs?
Well, PGP code accesses anything thru wrappers, so should be OK.
Rest of the code does not try to parse user data, just passes
Except armor()/dearmor(), which does lot of pointer-juggling.
I can do a review of that, just in case.
In response to
pgsql-bugs by date
|Next:||From: Zdenek Kotala||Date: 2007-08-23 08:55:14|
|Subject: Re: BUG #3567: invalid page header in block XXXXof relation|
|Previous:||From: Russell Smith||Date: 2007-08-23 07:51:08|
|Subject: Re: BUG #3563: DATESTYLE feature suggestion|
pgsql-patches by date
|Next:||From: Heikki Linnakangas||Date: 2007-08-23 14:17:55|
|Subject: Bunch of tsearch fixes and cleanup|
|Previous:||From: Tom Lane||Date: 2007-08-22 23:42:52|
|Subject: Re: BUG #3571: call to decrypt causes segfault |