Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wbheW-002mFv-0M for pgsql-bugs@arkaria.postgresql.org; Mon, 22 Jun 2026 16:37:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wbheT-007PXv-1a for pgsql-bugs@arkaria.postgresql.org; Mon, 22 Jun 2026 16:37:37 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wbheT-007PXl-0G for pgsql-bugs@lists.postgresql.org; Mon, 22 Jun 2026 16:37:37 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wbheR-00000001cBN-2rk1 for pgsql-bugs@lists.postgresql.org; Mon, 22 Jun 2026 16:37:36 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.18.1/8.18.1) with ESMTP id 65MGbXE0484823; Mon, 22 Jun 2026 12:37:34 -0400 From: Tom Lane To: 3020001251@tju.edu.cn cc: pgsql-bugs@lists.postgresql.org Subject: Re: BUG #19527: Double-Abort Crash in `ResOwnerReleaseOSSLCipher` via `encrypt_iv` with Oversized Input In-reply-to: <19527-6e7686960c6dce78@postgresql.org> References: <19527-6e7686960c6dce78@postgresql.org> Comments: In-reply-to PG Bug reporting form message dated "Thu, 18 Jun 2026 18:17:12 -0000" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <484821.1782146253.1@sss.pgh.pa.us> Date: Mon, 22 Jun 2026 12:37:33 -0400 Message-ID: <484822.1782146253@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk PG Bug reporting form writes: > Any role with `EXECUTE` on `encrypt_iv` (granted by default when pgcrypto is > installed) can crash the backend with a single statement: > ```sql > CREATE EXTENSION IF NOT EXISTS pgcrypto; > SELECT encrypt_iv( > repeat('A', 1073741308)::bytea, > decode('00112233445566778899aabbccddeeff', 'hex'), > decode('000102030405060708090a0b0c0d0e0f', 'hex'), > 'aes' > ); > ``` > The fix is to clear `od->owner` before calling `free_openssl_cipher` in > `ResOwnerReleaseOSSLCipher`: Good catch, thanks for the report! regards, tom lane