pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak

Поиск
Список
Период
Сортировка
От neilc@postgresql.org (Neil Conway)
Тема pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak
Дата
Msg-id 20060218204856.EFFB09DCA57@postgresql.org
обсуждение исходный текст
Список pgsql-committers
Дерево обсуждения 
Log Message:
-----------
Patch from Marko Kreen:

pgcrypto crypt()/md5 and hmac() leak memory when compiled against
OpenSSL as openssl.c digest ->reset will do two DigestInit calls
against a context.  This happened to work with OpenSSL 0.9.6
but not with 0.9.7+.

Reason for the messy code was that I tried to avoid creating
wrapper structure to transport algorithm info and tried to use
OpenSSL context for it.  The fix is to create wrapper structure.

It also uses newer digest API to avoid memory allocations
on reset with newer OpenSSLs.

Thanks to Daniel Blaisdell for reporting it.

Tags:
----
REL8_0_STABLE

Modified Files:
--------------
    pgsql/contrib/pgcrypto:
        openssl.c (r1.13.4.2 -> r1.13.4.3)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/openssl.c.diff?r1=1.13.4.2&r2=1.13.4.3)

В списке pgsql-committers по дате отправления:

Предыдущее
От: neilc@postgresql.org (Neil Conway)
Дата:
Сообщение: pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak
Следующее
От: neilc@postgresql.org (Neil Conway)
Дата:
Сообщение: pgsql: Patch from Marko Kreen: pgcrypto crypt()/md5 and hmac() leak