From 149d13de745beb5a29dcd1daa3f39e8819a4a4e5 Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Thu, 8 Nov 2001 15:56:58 +0000
Subject: [PATCH] When given oversized key, encrypt/decrypt corrupted memory. This fixes it. Also a free() was missing. marko
---
 contrib/pgcrypto/px.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index 20550bf100..15d8f5daf7 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -26,7 +26,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: px.c,v 1.3 2001/10/25 05:49:20 momjian Exp $
+ * $Id: px.c,v 1.4 2001/11/08 15:56:58 momjian Exp $
 */
 #include
@@ -88,6 +88,8 @@ combo_init(PX_Combo * cx, const uint8 *key, uint klen,
 memcpy(ivbuf, iv, ivlen);
 }
+ if (klen > ks)
+ klen = ks;
 keybuf = px_alloc(ks);
 memset(keybuf, 0, ks);
 memcpy(keybuf, key, klen);
@@ -96,6 +98,7 @@ combo_init(PX_Combo * cx, const uint8 *key, uint klen,
 if (ivbuf)
 px_free(ivbuf);
+ px_free(keybuf);
 return err;
 }
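Review bot: The added clamp `if (klen > ks) klen = ks;` in combo_init silently truncates an oversized key, so two keys that differ only after the first `ks` bytes end up selecting the same cipher key and the caller is never told. The clamp does keep `memcpy(keybuf, key, klen)` inside the `ks`-byte buffer, but rejecting the over-long key, or at least documenting the truncation, would make the behaviour explicit to users of encrypt/decrypt. If truncation has to stay for compatibility, I would add a comment above the check such as `/* keys longer than the cipher key size are truncated to ks bytes */`. The start of combo_init and the call that consumes `keybuf` are outside the hunk, so I cannot tell which error code a rejection should return.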
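Review bot: The new `px_free(keybuf);` releases the key copy without clearing it, so the raw key bytes stay in freed memory after combo_init returns. Wiping the buffer first, e.g. `memset(keybuf, 0, ks);` on the line before `px_free(keybuf);`, limits that exposure; a plain memset directly before a free can be dropped by an optimizing compiler, so a wipe the compiler cannot elide is preferable where the project has one. The call that consumes `keybuf` sits between this hunk and the previous one and is not visible, so this assumes the cipher copies the key rather than keeping the pointer, which is worth confirming since the new free would otherwise leave it dangling.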