Potential use of uninitialized context in pgcrypto
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-10-16T12:43:42Z
Lists: pgsql-hackers
Attachments
- pgcrypto_digest_error.patch (application/octet-stream) patch
- (unnamed) (text/plain)
In px_crypt_md5() we have this section, with the second assignment to err being
unchecked:
/* */
err = px_find_digest("md5", &ctx);
if (err)
return NULL;
err = px_find_digest("md5", &ctx1);
Even though we know that the digest algorithm exists when we reach the second
call, we must check the returnvalue from each call to px_find_digest to handle
allocation errors. Depending on which lib is backing pgcrypto, px_find_digest
may perform resource allocation which can fail on the subsequent call. It does
fall in the not-terrible-likely-to-happen category but there is a non-zero risk
which would lead to using a broken context. The attached checks the err
returnvalue and exits in case it indicates an error.
cheers ./daniel
Commits
-
Add missing error check in pgcrypto/crypt-md5.c.
- 9c3032881e00 9.5.24 landed
- e15115b4d204 9.6.20 landed
- 3e1a4c260ef2 10.15 landed
- 1eb2d7e3ea8e 11.10 landed
- 7004ce75897e 12.5 landed
- 3d338a46a4c3 13.1 landed
- 02a75f8369b1 14.0 landed