On 8/23/07, Tom Lane <[EMAIL PROTECTED]> wrote:
> "Ken Colson" <[EMAIL PROTECTED]> writes:
> > this statement:
> > select decrypt(''::bytea,'password','bf')
> > causes the postgresql backend to crash:
> > This seems to be a 64bit problem.
>
> Reproduced here in HEAD. The problem is here:> 293 pad = res[*rlen - 1]; > The problem clearly is that combo_decrypt()'s depadding code fails to > consider the possibility of a zero-length input, but I'm not entirely > sure how far up the food chain we ought to fix it --- perhaps > pg_decrypt() should not have bothered to light up the decryptor at all? The fix should be in combo_decrypt() because other code should not need to guess whether zero-length input is allowed or not. Patch attached. > Also, what other pgcrypto routines might have similar bugs? Well, PGP code accesses anything thru wrappers, so should be OK. Rest of the code does not try to parse user data, just passes it thru. Except armor()/dearmor(), which does lot of pointer-juggling. I can do a review of that, just in case. -- marko
decrypt.fix.diff
Description: Binary data
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
