85270ac7a2
This has been the predominant outcome. When the output of decrypting with a wrong key coincidentally resembled an OpenPGP packet header, pgcrypto could instead report "Corrupt data", "Not text data" or "Unsupported compression algorithm". The distinct "Corrupt data" message added no value. The latter two error messages misled when the decrypted payload also exhibited fundamental integrity problems. Worse, error message variance in other systems has enabled cryptologic attacks; see RFC 4880 section "14. Security Considerations". Whether these pgcrypto behaviors are likewise exploitable is unknown. In passing, document that pgcrypto does not resist side-channel attacks. Back-patch to 9.0 (all supported versions). Security: CVE-2015-3167 |
||
|---|---|---|
| .. | ||
| adminpack | ||
| auth_delay | ||
| auto_explain | ||
| btree_gin | ||
| btree_gist | ||
| chkpass | ||
| citext | ||
| cube | ||
| dblink | ||
| dict_int | ||
| dict_xsyn | ||
| earthdistance | ||
| file_fdw | ||
| fuzzystrmatch | ||
| hstore | ||
| hstore_plperl | ||
| hstore_plpython | ||
| intagg | ||
| intarray | ||
| isn | ||
| lo | ||
| ltree | ||
| ltree_plpython | ||
| oid2name | ||
| pageinspect | ||
| passwordcheck | ||
| pg_audit | ||
| pg_buffercache | ||
| pg_freespacemap | ||
| pg_prewarm | ||
| pg_standby | ||
| pg_stat_statements | ||
| pg_trgm | ||
| pgcrypto | ||
| pgrowlocks | ||
| pgstattuple | ||
| postgres_fdw | ||
| seg | ||
| sepgsql | ||
| spi | ||
| sslinfo | ||
| start-scripts | ||
| tablefunc | ||
| tcn | ||
| test_decoding | ||
| tsearch2 | ||
| tsm_system_rows | ||
| tsm_system_time | ||
| unaccent | ||
| uuid-ossp | ||
| vacuumlo | ||
| xml2 | ||
| Makefile | ||
| README | ||
| contrib-global.mk | ||
README
The PostgreSQL contrib tree
---------------------------
This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree. This does not preclude their
usefulness.
User documentation for each module appears in the main SGML
documentation.
When building from the source distribution, these modules are not
built automatically, unless you build the "world" target. You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.
Some directories supply new user-defined functions, operators, or
types. To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command. In a fresh database,
you can simply do
CREATE EXTENSION module_name;
See the PostgreSQL documentation for more information about this
procedure.