| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix combo_decrypt() to throw an error for zero-length input when |
| Date: | 2007-08-23 16:15:51 |
| Message-ID: | 20070823161551.9439A7541EA@cvs.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Fix combo_decrypt() to throw an error for zero-length input when using a
padded encryption scheme. Formerly it would try to access res[(unsigned) -1],
which resulted in core dumps on 64-bit machines, and was certainly trouble
waiting to happen on 32-bit machines (though in at least the known case
it was harmless because that byte would be overwritten after return).
Per report from Ken Colson; fix by Marko Kreen.
Modified Files:
--------------
pgsql/contrib/pgcrypto:
px.c (r1.15 -> r1.16)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/px.c?r1=1.15&r2=1.16)
px.h (r1.17 -> r1.18)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/px.h?r1=1.17&r2=1.18)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-08-23 16:15:57 | pgsql: Fix combo_decrypt() to throw an error for zero-length input when |
| Previous Message | Alvaro Herrera | 2007-08-23 14:59:44 | Re: [COMMITTERS] pgsql: Add configure option --with-system-tzdata to use operating system |