Commit b918bf86 authored by Tom Lane

Fix combo_decrypt() to throw an error for zero-length input when using a

padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
parent 44b5efba
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.15 2005/10/15 02:49:06 momjian Exp $ * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.16 2007/08/23 16:15:51 tgl Exp $
*/ */
#include "postgres.h" #include "postgres.h"
...@@ -58,6 +58,7 @@ static const struct error_desc px_err_list[] = { ...@@ -58,6 +58,7 @@ static const struct error_desc px_err_list[] = {
{PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"}, {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
{PXE_MCRYPT_INTERNAL, "mcrypt internal error"}, {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
{PXE_NO_RANDOM, "No strong random source"}, {PXE_NO_RANDOM, "No strong random source"},
{PXE_DECRYPT_FAILED, "Decryption failed"},
{PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"}, {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
{PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"}, {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
{PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"}, {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
...@@ -279,6 +280,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen, ...@@ -279,6 +280,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
PX_Cipher *c = cx->cipher; PX_Cipher *c = cx->cipher;
/* decide whether zero-length input is allowed */
if (dlen == 0)
{
/* with padding, empty ciphertext is not allowed */
if (cx->padding)
return PXE_DECRYPT_FAILED;
/* without padding, report empty result */
*rlen = 0;
return 0;
}
bs = px_cipher_block_size(c); bs = px_cipher_block_size(c);
if (bs > 1 && (dlen % bs) != 0) if (bs > 1 && (dlen % bs) != 0)
goto block_error; goto block_error;
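Review bot: The comments on the new `dlen == 0` guard in combo_decrypt() say what is decided but not why empty input has to be rejected when padding is in use; per the commit message, the unpadding step would otherwise read `res[(unsigned) -1]`. I would word the inner comment as `/* with padding, valid ciphertext is never empty; unpadding reads the last output byte */`. The rest of combo_decrypt(), including the unpadding code, lies outside the hunk, so that reasoning is taken from the commit message rather than from visible lines. No regression test for zero-length input appears on this page; one that decrypts an empty value with a padded cipher would pin the new PXE_DECRYPT_FAILED path.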
......
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.17 2007/04/06 05:36:50 tgl Exp $ * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.18 2007/08/23 16:15:51 tgl Exp $
*/ */
#ifndef __PX_H #ifndef __PX_H
...@@ -78,6 +78,7 @@ void px_free(void *p); ...@@ -78,6 +78,7 @@ void px_free(void *p);
#define PXE_BAD_SALT_ROUNDS -15 #define PXE_BAD_SALT_ROUNDS -15
#define PXE_MCRYPT_INTERNAL -16 #define PXE_MCRYPT_INTERNAL -16
#define PXE_NO_RANDOM -17 #define PXE_NO_RANDOM -17
#define PXE_DECRYPT_FAILED -18
#define PXE_MBUF_SHORT_READ -50 #define PXE_MBUF_SHORT_READ -50
......