Thread: Potential use of uninitialized context in pgcrypto

Potential use of uninitialized context in pgcrypto

From
Daniel Gustafsson
Date:
In px_crypt_md5() we have this section, with the second assignment to err being
unchecked:

   /* */
   err = px_find_digest("md5", &ctx);
   if (err)
       return NULL;
   err = px_find_digest("md5", &ctx1);

Even though we know that the digest algorithm exists when we reach the second
call, we must check the returnvalue from each call to px_find_digest to handle
allocation errors.  Depending on which lib is backing pgcrypto, px_find_digest
may perform resource allocation which can fail on the subsequent call.  It does
fall in the not-terrible-likely-to-happen category but there is a non-zero risk
which would lead to using a broken context.  The attached checks the err
returnvalue and exits in case it indicates an error.

cheers ./daniel



Attachment

Re: Potential use of uninitialized context in pgcrypto

From
Tom Lane
Date:
Daniel Gustafsson <daniel@yesql.se> writes:
> Even though we know that the digest algorithm exists when we reach the second
> call, we must check the returnvalue from each call to px_find_digest to handle
> allocation errors.

Agreed, it's a bug.  Will push in a bit.

            regards, tom lane