Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit e15115b

Browse filesBrowse files
tglsfdctglsfdc
committed
Add missing error check in pgcrypto/crypt-md5.c.
In theory, the second px_find_digest call in px_crypt_md5 could fail even though the first one succeeded, since resource allocation is required. Don't skip testing for a failure. (If one did happen, the likely result would be a crash rather than clean recovery from an OOM failure.) The code's been like this all along, so back-patch to all supported branches. Daniel Gustafsson Discussion: https://postgr.es/m/AA8D6FE9-4AB2-41B4-98CB-AE64BA668C03@yesql.se
1 parent 35b1294 commit e15115b
Copy full SHA for e15115b

File tree

Expand file treeCollapse file tree

1 file changed

+7
-1
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+7
-1
lines changed

‎contrib/pgcrypto/crypt-md5.c

Copy file name to clipboardExpand all lines: contrib/pgcrypto/crypt-md5.c
+7-1Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,17 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
6565
/* get the length of the true salt */
6666
sl = ep - sp;
6767

68-
/* */
68+
/* we need two PX_MD objects */
6969
err = px_find_digest("md5", &ctx);
7070
if (err)
7171
return NULL;
7272
err = px_find_digest("md5", &ctx1);
73+
if (err)
74+
{
75+
/* this path is possible under low-memory circumstances */
76+
px_md_free(ctx);
77+
return NULL;
78+
}
7379

7480
/* The password first, since that is what is most unknown */
7581
px_md_update(ctx, (const uint8 *) pw, strlen(pw));

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.