On Fri, Jan 27, 2012 at 12:13:21PM -0500, Tom Lane wrote: > Marko Kreen <mark...@gmail.com> writes: > > pgcrypto.c is easily fixable and internal.c has proper checks. > > But openssl.c does not. And I have a bigger openssl.c cleanup > > pending. So I would prefer to add missing checks to cleaned-up > > openssl.c and post them together (soonish). > > > But I'm bit unclear about fate of /contrib cleanup patches vs. 9.2, > > so if they won't get in, it's ok to apply quick fixes to current tree, > > it won't inconvinience me much. > > I think we should fix and back-patch these two specific bugs. The > openssl.c change sounds like it might be something for HEAD only.
Now I looked more in-depth and seems my comments were off - error detection for encrypt()/decrypt() happens in px.c not in internal.c/openssl.c. Latter ones simply validate internal APIs. So attached patch should be enough to fix the issue. And it should be quite backportable. -- marko
diff --git a/contrib/pgcrypto/pgcrypto.c b/contrib/pgcrypto/pgcrypto.c index c758853..a441ca7 100644 --- a/contrib/pgcrypto/pgcrypto.c +++ b/contrib/pgcrypto/pgcrypto.c @@ -341,8 +341,8 @@ pg_encrypt_iv(PG_FUNCTION_ARGS) err = px_combo_init(c, (uint8 *) VARDATA(key), klen, (uint8 *) VARDATA(iv), ivlen); if (!err) - px_combo_encrypt(c, (uint8 *) VARDATA(data), dlen, - (uint8 *) VARDATA(res), &rlen); + err = px_combo_encrypt(c, (uint8 *) VARDATA(data), dlen, + (uint8 *) VARDATA(res), &rlen); px_combo_free(c); @@ -395,8 +395,8 @@ pg_decrypt_iv(PG_FUNCTION_ARGS) err = px_combo_init(c, (uint8 *) VARDATA(key), klen, (uint8 *) VARDATA(iv), ivlen); if (!err) - px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen, - (uint8 *) VARDATA(res), &rlen); + err = px_combo_decrypt(c, (uint8 *) VARDATA(data), dlen, + (uint8 *) VARDATA(res), &rlen); px_combo_free(c);
-- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
