Skip site navigation (1) Skip section navigation (2)

Re: BUG #3571: call to decrypt causes segfault

From: "Marko Kreen" <markokr(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Ken Colson" <ken(dot)colson(at)sage(dot)com>, pgsql-bugs(at)postgresql(dot)org, PGSQL-Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: BUG #3571: call to decrypt causes segfault
Date: 2007-08-23 08:54:58
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugspgsql-patches
On 8/23/07, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Ken Colson" <ken(dot)colson(at)sage(dot)com> writes:
> > this statement:
> > select decrypt(''::bytea,'password','bf')
> > causes the postgresql backend to crash:
> > This seems to be a 64bit problem.
> Reproduced here in HEAD.  The problem is here:

> 293                     pad = res[*rlen - 1];

> The problem clearly is that combo_decrypt()'s depadding code fails to
> consider the possibility of a zero-length input, but I'm not entirely
> sure how far up the food chain we ought to fix it --- perhaps
> pg_decrypt() should not have bothered to light up the decryptor at all?

The fix should be in combo_decrypt() because other code
should not need to guess whether zero-length input is
allowed or not.

Patch attached.

> Also, what other pgcrypto routines might have similar bugs?

Well, PGP code accesses anything thru wrappers, so should be OK.
Rest of the code does not try to parse user data, just passes
it thru.

Except armor()/dearmor(), which does lot of pointer-juggling.
I can do a review of that, just in case.


Attachment: decrypt.fix.diff
Description: application/octet-stream (1.7 KB)

In response to


pgsql-bugs by date

Next:From: Zdenek KotalaDate: 2007-08-23 08:55:14
Subject: Re: BUG #3567: invalid page header in block XXXXof relation
Previous:From: Russell SmithDate: 2007-08-23 07:51:08
Subject: Re: BUG #3563: DATESTYLE feature suggestion

pgsql-patches by date

Next:From: Heikki LinnakangasDate: 2007-08-23 14:17:55
Subject: Bunch of tsearch fixes and cleanup
Previous:From: Tom LaneDate: 2007-08-22 23:42:52
Subject: Re: BUG #3571: call to decrypt causes segfault

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group