From: | Marko Kreen <markokr(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Postgres-Bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: pgcrypto decrypt_iv() issue |
Date: | 2012-01-27 17:43:16 |
Message-ID: | 20120127174316.GA5955@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Fri, Jan 27, 2012 at 12:13:21PM -0500, Tom Lane wrote:
> Marko Kreen <markokr(at)gmail(dot)com> writes:
> > pgcrypto.c is easily fixable and internal.c has proper checks.
> > But openssl.c does not. And I have a bigger openssl.c cleanup
> > pending. So I would prefer to add missing checks to cleaned-up
> > openssl.c and post them together (soonish).
>
> > But I'm bit unclear about fate of /contrib cleanup patches vs. 9.2,
> > so if they won't get in, it's ok to apply quick fixes to current tree,
> > it won't inconvinience me much.
>
> I think we should fix and back-patch these two specific bugs. The
> openssl.c change sounds like it might be something for HEAD only.
Now I looked more in-depth and seems my comments were off - error
detection for encrypt()/decrypt() happens in px.c not in
internal.c/openssl.c. Latter ones simply validate internal APIs.
So attached patch should be enough to fix the issue.
And it should be quite backportable.
--
marko
Attachment | Content-Type | Size |
---|---|---|
encrypt_iv.diff | text/x-diff | 925 bytes |
From | Date | Subject | |
---|---|---|---|
Next Message | Marko Kreen | 2012-01-27 17:54:49 | Re: pgcrypto decrypt_iv() issue |
Previous Message | Stefan Kaltenbrunner | 2012-01-27 17:34:32 | Re: pgcrypto decrypt_iv() issue |