mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-07-15 18:51:09 +02:00
a3ab7a707d
A compressed stream may end with an empty packet. In this case decompression finishes before reading the empty packet and the remaining stream packet causes a failure in reading the following data. This commit makes sure to consume such extra data, avoiding a failure when decompression the data. This corner case was reproducible easily with a data length of 16kB, and existed sincee94dd6a. A cheap regression test is added to cover this case based on a random, incompressible string. The first attempt of this patch has allowed to find an older failure within the compression logic of pgcrypto, fixed byb9b6105. This involved SLES 15 with z390 where a custom flavor of libz gets used. Bonus thanks to Mark Wong for providing access to the specific environment. Reported-by: Frank Gagnepain Author: Kyotaro Horiguchi, Michael Paquier Reviewed-by: Tom Lane Discussion: https://postgr.es/m/16476-692ef7b84e5fb893@postgresql.org Backpatch-through: 9.5
52 lines
1.7 KiB
SQL
52 lines
1.7 KiB
SQL
--
|
|
-- PGP compression support
|
|
--
|
|
|
|
select pgp_sym_decrypt(dearmor('
|
|
-----BEGIN PGP MESSAGE-----
|
|
|
|
ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
|
|
DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
|
|
=tbSn
|
|
-----END PGP MESSAGE-----
|
|
'), 'key', 'expect-compress-algo=1');
|
|
|
|
select pgp_sym_decrypt(
|
|
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
|
|
'key', 'expect-compress-algo=0');
|
|
|
|
select pgp_sym_decrypt(
|
|
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
|
|
'key', 'expect-compress-algo=1');
|
|
|
|
select pgp_sym_decrypt(
|
|
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
|
|
'key', 'expect-compress-algo=2');
|
|
|
|
-- level=0 should turn compression off
|
|
select pgp_sym_decrypt(
|
|
pgp_sym_encrypt('Secret message', 'key',
|
|
'compress-algo=2, compress-level=0'),
|
|
'key', 'expect-compress-algo=0');
|
|
|
|
-- check corner case involving an input string of 16kB, as per bug #16476.
|
|
SELECT setseed(0);
|
|
WITH random_string AS
|
|
(
|
|
-- This generates a random string of 16366 bytes. This is chosen
|
|
-- as random so that it does not get compressed, and the decompression
|
|
-- would work on a string with the same length as the origin, making the
|
|
-- test behavior more predictible. lpad() ensures that the generated
|
|
-- hexadecimal value is completed by extra zero characters if random()
|
|
-- has generated a value strictly lower than 16.
|
|
SELECT string_agg(decode(lpad(to_hex((random()*256)::int), 2, '0'), 'hex'), '') as bytes
|
|
FROM generate_series(0, 16365)
|
|
)
|
|
SELECT bytes =
|
|
pgp_sym_decrypt_bytea(
|
|
pgp_sym_encrypt_bytea(bytes, 'key',
|
|
'compress-algo=1,compress-level=1'),
|
|
'key', 'expect-compress-algo=1')
|
|
AS is_same
|
|
FROM random_string;
|