Bug fix. Patch applied. Thanks.
---------------------------------------------------------------------------
> When given oversized key, encrypt/decrypt corrupted
> memory. This fixes it. Also a free() was missing.
>
> --
> marko
>
> Index: contrib/pgcrypto/px.c
> ===================================================================
> RCS file: /opt/cvs/pgsql/pgsql/contrib/pgcrypto/px.c,v
> retrieving revision 1.3
> diff -u -r1.3 px.c
> --- contrib/pgcrypto/px.c 25 Oct 2001 05:49:20 -0000 1.3
> +++ contrib/pgcrypto/px.c 7 Nov 2001 22:33:44 -0000
> @@ -88,6 +88,8 @@
> memcpy(ivbuf, iv, ivlen);
> }
>
> + if (klen > ks)
> + klen = ks;
> keybuf = px_alloc(ks);
> memset(keybuf, 0, ks);
> memcpy(keybuf, key, klen);
> @@ -96,6 +98,7 @@
>
> if (ivbuf)
> px_free(ivbuf);
> + px_free(keybuf);
>
> return err;
> }
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026