From: | "Marko Kreen" <markokr(at)gmail(dot)com> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Ken Colson" <ken(dot)colson(at)sage(dot)com>, pgsql-bugs(at)postgresql(dot)org, PGSQL-Patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: BUG #3571: call to decrypt causes segfault |
Date: | 2007-08-23 08:54:58 |
Message-ID: | e51f66da0708230154j7cfc06c4xd18a5a2069cbfead@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-patches |
On 8/23/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Ken Colson" <ken(dot)colson(at)sage(dot)com> writes:
> > this statement:
> > select decrypt(''::bytea,'password','bf')
> > causes the postgresql backend to crash:
> > This seems to be a 64bit problem.
>
> Reproduced here in HEAD. The problem is here:
> 293 pad = res[*rlen - 1];
> The problem clearly is that combo_decrypt()'s depadding code fails to
> consider the possibility of a zero-length input, but I'm not entirely
> sure how far up the food chain we ought to fix it --- perhaps
> pg_decrypt() should not have bothered to light up the decryptor at all?
The fix should be in combo_decrypt() because other code
should not need to guess whether zero-length input is
allowed or not.
Patch attached.
> Also, what other pgcrypto routines might have similar bugs?
Well, PGP code accesses anything thru wrappers, so should be OK.
Rest of the code does not try to parse user data, just passes
it thru.
Except armor()/dearmor(), which does lot of pointer-juggling.
I can do a review of that, just in case.
--
marko
Attachment | Content-Type | Size |
---|---|---|
decrypt.fix.diff | application/octet-stream | 1.7 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Zdenek Kotala | 2007-08-23 08:55:14 | Re: BUG #3567: invalid page header in block XXXXof relation |
Previous Message | Russell Smith | 2007-08-23 07:51:08 | Re: BUG #3563: DATESTYLE feature suggestion |
From | Date | Subject | |
---|---|---|---|
Next Message | Heikki Linnakangas | 2007-08-23 14:17:55 | Bunch of tsearch fixes and cleanup |
Previous Message | Tom Lane | 2007-08-22 23:42:52 | Re: BUG #3571: call to decrypt causes segfault |