mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-04 23:16:56 +02:00
Fix corner case with 16kB-long decompression in pgcrypto, take 2
A compressed stream may end with an empty packet. In this case decompression finishes before reading the empty packet and the remaining stream packet causes a failure in reading the following data. This commit makes sure to consume such extra data, avoiding a failure when decompression the data. This corner case was reproducible easily with a data length of 16kB, and existed sincee94dd6a
. A cheap regression test is added to cover this case based on a random, incompressible string. The first attempt of this patch has allowed to find an older failure within the compression logic of pgcrypto, fixed byb9b6105
. This involved SLES 15 with z390 where a custom flavor of libz gets used. Bonus thanks to Mark Wong for providing access to the specific environment. Reported-by: Frank Gagnepain Author: Kyotaro Horiguchi, Michael Paquier Reviewed-by: Tom Lane Discussion: https://postgr.es/m/16476-692ef7b84e5fb893@postgresql.org Backpatch-through: 9.5
This commit is contained in:
parent
61a4a3a62a
commit
5bd087eb5d
@ -48,3 +48,33 @@ select pgp_sym_decrypt(
|
|||||||
Secret message
|
Secret message
|
||||||
(1 row)
|
(1 row)
|
||||||
|
|
||||||
|
-- check corner case involving an input string of 16kB, as per bug #16476.
|
||||||
|
SELECT setseed(0);
|
||||||
|
setseed
|
||||||
|
---------
|
||||||
|
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
WITH random_string AS
|
||||||
|
(
|
||||||
|
-- This generates a random string of 16366 bytes. This is chosen
|
||||||
|
-- as random so that it does not get compressed, and the decompression
|
||||||
|
-- would work on a string with the same length as the origin, making the
|
||||||
|
-- test behavior more predictible. lpad() ensures that the generated
|
||||||
|
-- hexadecimal value is completed by extra zero characters if random()
|
||||||
|
-- has generated a value strictly lower than 16.
|
||||||
|
SELECT string_agg(decode(lpad(to_hex((random()*256)::int), 2, '0'), 'hex'), '') as bytes
|
||||||
|
FROM generate_series(0, 16365)
|
||||||
|
)
|
||||||
|
SELECT bytes =
|
||||||
|
pgp_sym_decrypt_bytea(
|
||||||
|
pgp_sym_encrypt_bytea(bytes, 'key',
|
||||||
|
'compress-algo=1,compress-level=1'),
|
||||||
|
'key', 'expect-compress-algo=1')
|
||||||
|
AS is_same
|
||||||
|
FROM random_string;
|
||||||
|
is_same
|
||||||
|
---------
|
||||||
|
t
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
@ -287,7 +287,28 @@ restart:
|
|||||||
|
|
||||||
dec->buf_data = dec->buf_len - dec->stream.avail_out;
|
dec->buf_data = dec->buf_len - dec->stream.avail_out;
|
||||||
if (res == Z_STREAM_END)
|
if (res == Z_STREAM_END)
|
||||||
|
{
|
||||||
|
uint8 *tmp;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* A stream must be terminated by a normal packet. If the last stream
|
||||||
|
* packet in the source stream is a full packet, a normal empty packet
|
||||||
|
* must follow. Since the underlying packet reader doesn't know that
|
||||||
|
* the compressed stream has been ended, we need to to consume the
|
||||||
|
* terminating packet here. This read does not harm even if the
|
||||||
|
* stream has already ended.
|
||||||
|
*/
|
||||||
|
res = pullf_read(src, 1, &tmp);
|
||||||
|
|
||||||
|
if (res < 0)
|
||||||
|
return res;
|
||||||
|
else if (res > 0)
|
||||||
|
{
|
||||||
|
px_debug("decompress_read: extra bytes after end of stream");
|
||||||
|
return PXE_PGP_CORRUPT_DATA;
|
||||||
|
}
|
||||||
dec->eof = 1;
|
dec->eof = 1;
|
||||||
|
}
|
||||||
goto restart;
|
goto restart;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,3 +28,24 @@ select pgp_sym_decrypt(
|
|||||||
pgp_sym_encrypt('Secret message', 'key',
|
pgp_sym_encrypt('Secret message', 'key',
|
||||||
'compress-algo=2, compress-level=0'),
|
'compress-algo=2, compress-level=0'),
|
||||||
'key', 'expect-compress-algo=0');
|
'key', 'expect-compress-algo=0');
|
||||||
|
|
||||||
|
-- check corner case involving an input string of 16kB, as per bug #16476.
|
||||||
|
SELECT setseed(0);
|
||||||
|
WITH random_string AS
|
||||||
|
(
|
||||||
|
-- This generates a random string of 16366 bytes. This is chosen
|
||||||
|
-- as random so that it does not get compressed, and the decompression
|
||||||
|
-- would work on a string with the same length as the origin, making the
|
||||||
|
-- test behavior more predictible. lpad() ensures that the generated
|
||||||
|
-- hexadecimal value is completed by extra zero characters if random()
|
||||||
|
-- has generated a value strictly lower than 16.
|
||||||
|
SELECT string_agg(decode(lpad(to_hex((random()*256)::int), 2, '0'), 'hex'), '') as bytes
|
||||||
|
FROM generate_series(0, 16365)
|
||||||
|
)
|
||||||
|
SELECT bytes =
|
||||||
|
pgp_sym_decrypt_bytea(
|
||||||
|
pgp_sym_encrypt_bytea(bytes, 'key',
|
||||||
|
'compress-algo=1,compress-level=1'),
|
||||||
|
'key', 'expect-compress-algo=1')
|
||||||
|
AS is_same
|
||||||
|
FROM random_string;
|
||||||
|
Loading…
Reference in New Issue
Block a user