| From: | neilc(at)postgresql(dot)org (Neil Conway) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak |
| Date: | 2006-02-18 20:48:51 |
| Message-ID: | 20060218204851.C6E539DCAA7@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Patch from Marko Kreen:
pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest ->reset will do two DigestInit calls
against a context. This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.
Reason for the messy code was that I tried to avoid creating
wrapper structure to transport algorithm info and tried to use
OpenSSL context for it. The fix is to create wrapper structure.
It also uses newer digest API to avoid memory allocations
on reset with newer OpenSSLs.
Thanks to Daniel Blaisdell for reporting it.
Modified Files:
--------------
pgsql/contrib/pgcrypto:
openssl.c (r1.26 -> r1.27)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/openssl.c.diff?r1=1.26&r2=1.27)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2006-02-18 20:48:54 | pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak |
| Previous Message | Peter Eisentraut | 2006-02-18 16:15:23 | pgsql: Add support for Windows codepages 1253, 1254, 1255, and 1257 and |