Fix Coverity warning about contrib/pgcrypto's mdc_finish().
Tom Lane <tgl@sss.pgh.pa.us>
Fix Coverity warning about contrib/pgcrypto's mdc_finish(). Coverity points out that mdc_finish returns a pointer to a local buffer (which of course is gone as soon as the function returns), leaving open a risk of misbehaviors possibly as bad as a stack overwrite. In reality, the only possible call site is in process_data_packets() which does not examine the returned pointer at all. So there's no live bug, but nonetheless the code is confusing and risky. Refactor to avoid the issue by letting process_data_packets() call mdc_finish() directly instead of going through the pullf_read() API. Although this is only cosmetic, it seems good to back-patch so that the logic in pgp-decrypt.c stays in sync across all branches. Marko Kreen
Files
| Path | Change | +/− |
|---|---|---|
| contrib/pgcrypto/pgp-decrypt.c | modified | +19 −30 |