Potential use of uninitialized context in pgcrypto

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-10-16T12:43:42Z
Lists: pgsql-hackers

Attachments

In px_crypt_md5() we have this section, with the second assignment to err being
unchecked:

   /* */
   err = px_find_digest("md5", &ctx);
   if (err)
       return NULL;
   err = px_find_digest("md5", &ctx1);

Even though we know that the digest algorithm exists when we reach the second
call, we must check the returnvalue from each call to px_find_digest to handle
allocation errors.  Depending on which lib is backing pgcrypto, px_find_digest
may perform resource allocation which can fail on the subsequent call.  It does
fall in the not-terrible-likely-to-happen category but there is a non-zero risk
which would lead to using a broken context.  The attached checks the err
returnvalue and exits in case it indicates an error.

cheers ./daniel

Commits

  1. Add missing error check in pgcrypto/crypt-md5.c.