From: Daniel Gustafsson Date: Sat, 25 Sep 2021 09:25:48 +0000 (+0200) Subject: pgcrypto: Check for error return of px_cipher_decrypt() X-Git-Tag: REL_11_14~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f28d267c7e0936b55307d88644070248a718bd7;p=thirdparty%2Fpostgresql.git pgcrypto: Check for error return of px_cipher_decrypt() This has previously not been a problem (that anyone ever reported), but in future OpenSSL versions (3.0.0), where legacy ciphers are/can be disabled, this is the place where this is reported. So we need to catch the error here, otherwise the higher-level functions would return garbage. The nearby encryption code already handled errors similarly. Author: Peter Eisentraut Reviewed-by: Daniel Gustafsson Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com Backpatch-through: 9.6 --- diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index aea8e863af0..f26683aa11b 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -300,6 +300,7 @@ static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen) { + int err = 0; unsigned bs, i, pad; @@ -325,7 +326,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, /* decrypt */ *rlen = dlen; - px_cipher_decrypt(c, data, dlen, res); + err = px_cipher_decrypt(c, data, dlen, res); + if (err) + return err; /* unpad */ if (bs > 1 && cx->padding)