Quick Links

pgcrypto bug

From:	Marko Kreen <marko(at)l-t(dot)ee>
To:	pgsql-patches(at)postgresql(dot)org
Subject:	pgcrypto bug
Date:	2001-11-08 11:55:06
Message-ID:	20011108135506.A1389@l-t.ee
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-patches

When given oversized key, encrypt/decrypt corrupted
memory. This fixes it. Also a free() was missing.

--
marko

Index: contrib/pgcrypto/px.c
===================================================================
RCS file: /opt/cvs/pgsql/pgsql/contrib/pgcrypto/px.c,v
retrieving revision 1.3
diff -u -r1.3 px.c
--- contrib/pgcrypto/px.c 25 Oct 2001 05:49:20 -0000 1.3
+++ contrib/pgcrypto/px.c 7 Nov 2001 22:33:44 -0000
@@ -88,6 +88,8 @@
memcpy(ivbuf, iv, ivlen);
}

+ if (klen > ks)
+ klen = ks;
keybuf = px_alloc(ks);
memset(keybuf, 0, ks);
memcpy(keybuf, key, klen);
@@ -96,6 +98,7 @@

if (ivbuf)
px_free(ivbuf);
+ px_free(keybuf);

return err;
}

Responses

Re: pgcrypto bug at 2001-11-08 15:57:24 from Bruce Momjian

Browse pgsql-patches by date

	From	Date	Subject
Next Message	andrea gelmini	2001-11-08 12:52:47	stupid patch of pg_dumplo
Previous Message	Ferdinand Smit	2001-11-08 09:44:10	Re: Query preformence