diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-09-25 11:25:48 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2021-09-25 11:25:48 +0200 |
| commit | a69e1506f618d4577bf7fdbfea51924a44c6e7de (patch) | |
| tree | b4e5a543d94af9000697a38df43bd2862281135a | |
| parent | 52f8575a9e75e67ed7a7ae1585be28a85e85ae0e (diff) | |
| download | postgresql-a69e1506f618d4577bf7fdbfea51924a44c6e7de.tar.gz postgresql-a69e1506f618d4577bf7fdbfea51924a44c6e7de.zip | |
pgcrypto: Check for error return of px_cipher_decrypt()
This has previously not been a problem (that anyone ever reported),
but in future OpenSSL versions (3.0.0), where legacy ciphers are/can
be disabled, this is the place where this is reported. So we need to
catch the error here, otherwise the higher-level functions would
return garbage. The nearby encryption code already handled errors
similarly.
Author: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com
Backpatch-through: 9.6
| -rw-r--r-- | contrib/pgcrypto/px.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index 0f02fb56c4f..2c6704e2577 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -292,6 +292,7 @@ static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen) { + int err = 0; unsigned bs, i, pad; @@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, /* decrypt */ *rlen = dlen; - px_cipher_decrypt(c, data, dlen, res); + err = px_cipher_decrypt(c, data, dlen, res); + if (err) + return err; /* unpad */ if (bs > 1 && cx->padding) |