From a69e1506f618d4577bf7fdbfea51924a44c6e7de Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Sat, 25 Sep 2021 11:25:48 +0200 Subject: [PATCH] pgcrypto: Check for error return of px_cipher_decrypt() This has previously not been a problem (that anyone ever reported), but in future OpenSSL versions (3.0.0), where legacy ciphers are/can be disabled, this is the place where this is reported. So we need to catch the error here, otherwise the higher-level functions would return garbage. The nearby encryption code already handled errors similarly. Author: Peter Eisentraut Reviewed-by: Daniel Gustafsson Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com Backpatch-through: 9.6 --- contrib/pgcrypto/px.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index 0f02fb56c4..2c6704e257 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -292,6 +292,7 @@ static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen) { + int err = 0; unsigned bs, i, pad; @@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, /* decrypt */ *rlen = dlen; - px_cipher_decrypt(c, data, dlen, res); + err = px_cipher_decrypt(c, data, dlen, res); + if (err) + return err; /* unpad */ if (bs > 1 && cx->padding)