pgcrypto: Check for error return of px_cipher_decrypt()

This has previously not been a problem (that anyone ever reported),
but in future OpenSSL versions (3.0.0), where legacy ciphers are/can
be disabled, this is the place where this is reported.  So we need to
catch the error here, otherwise the higher-level functions would
return garbage.  The nearby encryption code already handled errors
similarly.

Reviewed-by: Daniel Gustafsson <[email protected]>
Discussion: https://www.postgresql.org/message-id/9e9c431c-0adc-7a6d-9b1a-915de1ba3fe7@enterprisedb.com

diff --git a/contrib/pgcrypto/px.c b/contrib/pgcrypto/px.c
index a243f575d3be9490d3b0f073be828a616e914449..4205e9c3effe51e710525fd631861171f7ef476f 100644 (file)
--- a/contrib/pgcrypto/px.c
+++ b/contrib/pgcrypto/px.c
@@ -292,6 +292,7 @@ static int
 combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
              uint8 *res, unsigned *rlen)
 {
+   int         err = 0;
    unsigned    bs,
                i,
                pad;
@@ -317,7 +318,9 @@ combo_decrypt(PX_Combo *cx, const uint8 *data, unsigned dlen,
 
    /* decrypt */
    *rlen = dlen;
-   px_cipher_decrypt(c, data, dlen, res);
+   err = px_cipher_decrypt(c, data, dlen, res);
+   if (err)
+       return err;
 
    /* unpad */
    if (bs > 1 && cx->padding)