| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix combo_decrypt() to throw an error for zero-length input when |
| Date: | 2007-08-23 16:15:57 |
| Message-ID: | 20070823161557.3BC077541EA@cvs.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme. Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
Tags:
----
REL8_2_STABLE
Modified Files:
--------------
pgsql/contrib/pgcrypto:
px.c (r1.15 -> r1.15.4.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/px.c?r1=1.15&r2=1.15.4.1)
px.h (r1.16 -> r1.16.4.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/px.h?r1=1.16&r2=1.16.4.1)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-08-23 16:16:05 | pgsql: Fix combo_decrypt() to throw an error for zero-length input when |
| Previous Message | Tom Lane | 2007-08-23 16:15:51 | pgsql: Fix combo_decrypt() to throw an error for zero-length input when |