Add missing error check in pgcrypto/crypt-md5.c.

In theory, the second px_find_digest call in px_crypt_md5 could fail even though the first one succeeded, since resource allocation is required. Don't skip testing for a failure. (If one did happen, the likely result would be a crash rather than clean recovery from an OOM failure.) The code's been like this all along, so back-patch to all supported branches. Daniel Gustafsson Discussion: https://postgr.es/m/AA8D6FE9-4AB2-41B4-98CB-AE64BA668C03@yesql.se
2020-10-16 11:59:13 -04:00 · 2020-10-16 11:59:13 -04:00 · 02a75f8369
parent bc49f8780b
commit 02a75f8369
1 changed files with 7 additions and 1 deletions
--- a/contrib/pgcrypto/crypt-md5.c
+++ b/contrib/pgcrypto/crypt-md5.c
@ -65,11 +65,17 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
 	/* get the length of the true salt */
 	sl = ep - sp;

-	/* */
+	/* we need two PX_MD objects */
 	err = px_find_digest("md5", &ctx);
 	if (err)
 		return NULL;
 	err = px_find_digest("md5", &ctx1);
+	if (err)
+	{
+		/* this path is possible under low-memory circumstances */
+		px_md_free(ctx);
+		return NULL;
+	}

 	/* The password first, since that is what is most unknown */
 	px_md_update(ctx, (const uint8 *) pw, strlen(pw));