On Fri, Jan 27, 2012 at 7:34 PM, Stefan Kaltenbrunner <ste...@kaltenbrunner.cc> wrote: > On 01/27/2012 04:20 PM, Marko Kreen wrote: >> On Fri, Jan 27, 2012 at 01:37:11AM -0500, Tom Lane wrote: >> Yeah, it should be fixed. But note that "random data" is part of >> decrypt() spec - the validation it can do is a joke. >> >> Its more important to do proper checks in encrypt() to avoid invalid >> stored data, but there the recommended modes (CBC, CFB) can work >> with any length data, so even there the impact is low. > > I agree - but in my case the input to those functions is actually coming > from external untrusted systems - so if the data is (completely) invalid > really want to get a proper error message instead of random memory content.
You *will* get random memory content. If your app is exploitable with invalid data, you *will* get exploited. The decrypt() checks are more for developer convenience than anything more serious. Please fix your app to survive invalid data... -- marko -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
