Fix combo_decrypt() to throw an error for zero-length input when using a

padded encryption scheme.  Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.

diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index 0374b1c02763bd84c44a7414d69860ea02cb8821..81222873b698cc033793a514f76e698697b6a0a8 100644 (file)
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.15 2005/10/15 02:49:06 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.c,v 1.16 2007/08/23 16:15:51 tgl Exp $
  */
 
 #include "postgres.h"
@@ -58,6 +58,7 @@ static const struct error_desc px_err_list[] = {
    {PXE_BAD_SALT_ROUNDS, "Incorrect number of rounds"},
    {PXE_MCRYPT_INTERNAL, "mcrypt internal error"},
    {PXE_NO_RANDOM, "No strong random source"},
+   {PXE_DECRYPT_FAILED, "Decryption failed"},
    {PXE_PGP_CORRUPT_DATA, "Wrong key or corrupt data"},
    {PXE_PGP_CORRUPT_ARMOR, "Corrupt ascii-armor"},
    {PXE_PGP_UNSUPPORTED_COMPR, "Unsupported compression algorithm"},
@@ -279,6 +280,18 @@ combo_decrypt(PX_Combo * cx, const uint8 *data, unsigned dlen,
 
    PX_Cipher  *c = cx->cipher;
 
+   /* decide whether zero-length input is allowed */
+   if (dlen == 0)
+   {
+       /* with padding, empty ciphertext is not allowed */
+       if (cx->padding)
+           return PXE_DECRYPT_FAILED;
+       
+       /* without padding, report empty result */
+       *rlen = 0;
+       return 0;
+   }
+
    bs = px_cipher_block_size(c);
    if (bs > 1 && (dlen % bs) != 0)
        goto block_error;

diff --git a/contrib/pgcrypto/px.h b/contrib/pgcrypto/px.h
index 412728e53d00bdc27750bdd478ad67ce2511ab3e..257d6015bc3ecd925914fd3c2ff49bfb8bd32152 100644 (file)
--- a/contrib/pgcrypto/px.h
+++ b/contrib/pgcrypto/px.h
@@ -26,7 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.17 2007/04/06 05:36:50 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/pgcrypto/px.h,v 1.18 2007/08/23 16:15:51 tgl Exp $
  */
 
 #ifndef __PX_H
@@ -78,6 +78,7 @@ void      px_free(void *p);
 #define PXE_BAD_SALT_ROUNDS            -15
 #define PXE_MCRYPT_INTERNAL            -16
 #define PXE_NO_RANDOM              -17
+#define PXE_DECRYPT_FAILED         -18
 
 #define PXE_MBUF_SHORT_READ            -50