Home > mailing lists

pgcrypto bug - Mailing list pgsql-patches

From	Marko Kreen
Subject	pgcrypto bug
Date	November 8, 2001 10:28:02
Msg-id	20011108135506.A1389@l-t.ee Whole thread Raw
Responses	Re: pgcrypto bug (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-patches

Tree view

When given oversized key, encrypt/decrypt corrupted
memory.  This fixes it.  Also a free() was missing.

--
marko

Index: contrib/pgcrypto/px.c
===================================================================
RCS file: /opt/cvs/pgsql/pgsql/contrib/pgcrypto/px.c,v
retrieving revision 1.3
diff -u -r1.3 px.c
--- contrib/pgcrypto/px.c    25 Oct 2001 05:49:20 -0000    1.3
+++ contrib/pgcrypto/px.c    7 Nov 2001 22:33:44 -0000
@@ -88,6 +88,8 @@
             memcpy(ivbuf, iv, ivlen);
     }

+    if (klen > ks)
+        klen = ks;
     keybuf = px_alloc(ks);
     memset(keybuf, 0, ks);
     memcpy(keybuf, key, klen);
@@ -96,6 +98,7 @@

     if (ivbuf)
         px_free(ivbuf);
+    px_free(keybuf);

     return err;
 }

pgsql-patches by date:

From: Ferdinand Smit
Date: 08 November 2001, 07:48:06
Subject: Re: Query preformence

From: andrea gelmini
Date: 08 November 2001, 10:58:02
Subject: stupid patch of pg_dumplo

pgcrypto bug - Mailing list pgsql-patches

Previous

Next