From: Daniel Gustafsson
Date: Sat, 25 Sep 2021 09:25:48 +0000 (+0200)
Subject: pgcrypto: Check for error return of px_cipher_decrypt()
X-Git-Tag: REL_10_19~47
X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=841075a65cdc2d034dd8a473f25c5f584c8856d7;p=postgresql.git

pgcrypto: Check for error return of px_cipher_decrypt()

This has previously not been a problem (that anyone ever reported), but in future OpenSSL versions (3.0.0), where legacy ciphers are/can be disabled, this is the place where this is reported. So we need to catch the error here, otherwise the higher-level functions would return garbage. The nearby encryption code already handled errors similarly.

Author: Peter Eisentraut
Reviewed-by: Daniel Gustafsson
Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com
Backpatch-through: 9.6
---
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c index 8ec920224ad..0b2d890b726 100644 --- a/contrib/pgcrypto/px.c +++ b/contrib/pgcrypto/px.c @@ -300,6 +300,7 @@ static int combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, uint8 *res, unsigned *rlen) { + int err = 0; unsigned bs, i, pad; @@ -325,7 +326,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen, /* decrypt */ *rlen = dlen; - px_cipher_decrypt(c, data, dlen, res); + err = px_cipher_decrypt(c, data, dlen, res); + if (err) + return err; /* unpad */ if (bs > 1 && cx->padding)
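Review bot: The initialiser on `int err = 0;` in the first hunk (@@ -300,6 +300,7 @@) is redundant as far as this patch shows, because the only added use assigns `err` from px_cipher_decrypt() before it is read. Dropping the `= 0` would let the compiler warn if a later edit reads `err` on a path where it was never set, which is the kind of silent miss this commit is fixing.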
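Review bot: In the second hunk (@@ -325,7 +326,9 @@) `*rlen = dlen;` is still assigned before the call, so on the new early `return err;` the caller is left with `*rlen` equal to the ciphertext length and `res` in whatever state the failed px_cipher_decrypt() left it. A caller that does not check the return code would then treat `dlen` bytes of undefined output as plaintext, which is the "garbage" the commit message describes. Consider moving the `*rlen = dlen;` assignment below the `if (err)` check, or setting `*rlen = 0` on the error path, and confirm that every caller of combo_decrypt() propagates the non-zero return. A regression test that runs decryption with a cipher unavailable in the OpenSSL build would keep this path covered.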