In px_crypt_md5() we have this section, with the second assignment to err being unchecked:
/* */
err = px_find_digest("md5", &ctx);
if (err)
return NULL;
err = px_find_digest("md5", &ctx1);
Even though we know that the digest algorithm exists when we reach the second
call, we must check the returnvalue from each call to px_find_digest to handle
allocation errors. Depending on which lib is backing pgcrypto, px_find_digest
may perform resource allocation which can fail on the subsequent call. It does
fall in the not-terrible-likely-to-happen category but there is a non-zero risk
which would lead to using a broken context. The attached checks the err
returnvalue and exits in case it indicates an error.
cheers ./daniel
pgcrypto_digest_error.patch
Description: Binary data
