pgcrypto: Check for error return of px_cipher_decrypt()

This has previously not been a problem (that anyone ever reported), but in future OpenSSL versions (3.0.0), where legacy ciphers are/can be disabled, this is the place where this is reported. So we need to catch the error here, otherwise the higher-level functions would return garbage. The nearby encryption code already handled errors similarly. Author: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com Backpatch-through: 9.6
author: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:25:48 +0200
committer: Daniel Gustafsson <dgustafsson@postgresql.org> 2021-09-25 11:25:48 +0200
commit: 90cfd269f226ecf287df7b8df04f6a46515000d4 (patch)
tree: 2981e923d088a0eb63e6ddcfb119a2ac0f9d4f49
parent: 0872ccbfd8c988d69c79a93dd85f0e10f2ee6349 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index 0f02fb56c4f..2c6704e2577 100644
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -292,6 +292,7 @@ static int
 combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
 			  uint8 *res, unsigned *rlen)
 {
+	int			err = 0;
 	unsigned	bs,
 				i,
 				pad;
@@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
 
 	/* decrypt */
 	*rlen = dlen;
-	px_cipher_decrypt(c, data, dlen, res);
+	err = px_cipher_decrypt(c, data, dlen, res);
+	if (err)
+		return err;
 
 	/* unpad */
 	if (bs > 1 && cx->padding)
author	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:25:48 +0200
committer	Daniel Gustafsson <dgustafsson@postgresql.org>	2021-09-25 11:25:48 +0200
commit	90cfd269f226ecf287df7b8df04f6a46515000d4 (patch)
tree	2981e923d088a0eb63e6ddcfb119a2ac0f9d4f49
parent	0872ccbfd8c988d69c79a93dd85f0e10f2ee6349 (diff)