NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commita3ab7a7

committed

Fix corner case with 16kB-long decompression in pgcrypto, take 2

A compressed stream may end with an empty packet. In this casedecompression finishes before reading the empty packet and theremaining stream packet causes a failure in reading the followingdata. This commit makes sure to consume such extra data, avoiding afailure when decompression the data. This corner case was reproducibleeasily with a data length of 16kB, and existed sincee94dd6a. A cheapregression test is added to cover this case based on a random,incompressible string.The first attempt of this patch has allowed to find an older failurewithin the compression logic of pgcrypto, fixed byb9b6105. Thisinvolved SLES 15 with z390 where a custom flavor of libz gets used.Bonus thanks to Mark Wong for providing access to the specificenvironment.Reported-by: Frank GagnepainAuthor: Kyotaro Horiguchi, Michael PaquierReviewed-by: Tom LaneDiscussion:https://postgr.es/m/16476-692ef7b84e5fb893@postgresql.orgBackpatch-through: 9.5

1 parente971357 commita3ab7a7Copy full SHA for a3ab7a7

File tree

3 files changed

+72

-0

lines changed

contrib/pgcrypto
- expected
  - pgp-compression.out
- pgp-compress.c
- sql
  - pgp-compression.sql

3 files changed

+72

-0

lines changed

`‎contrib/pgcrypto/expected/pgp-compression.out`

Lines changed: 30 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,3 +48,33 @@ select pgp_sym_decrypt(`
`48`	`48`	`Secret message`
`49`	`49`	`(1 row)`
`50`	`50`
	`51`	`+-- check corner case involving an input string of 16kB, as per bug #16476.`
	`52`	`+SELECT setseed(0);`
	`53`	`+ setseed`
	`54`	`+---------`
	`55`	`+`
	`56`	`+(1 row)`
	`57`	`+`
	`58`	`+WITH random_string AS`
	`59`	`+(`
	`60`	`+ -- This generates a random string of 16366 bytes. This is chosen`
	`61`	`+ -- as random so that it does not get compressed, and the decompression`
	`62`	`+ -- would work on a string with the same length as the origin, making the`
	`63`	`+ -- test behavior more predictible. lpad() ensures that the generated`
	`64`	`+ -- hexadecimal value is completed by extra zero characters if random()`
	`65`	`+ -- has generated a value strictly lower than 16.`
	`66`	`+ SELECT string_agg(decode(lpad(to_hex((random()*256)::int), 2, '0'), 'hex'), '') as bytes`
	`67`	`+ FROM generate_series(0, 16365)`
	`68`	`+)`
	`69`	`+SELECT bytes =`
	`70`	`+ pgp_sym_decrypt_bytea(`
	`71`	`+ pgp_sym_encrypt_bytea(bytes, 'key',`
	`72`	`+ 'compress-algo=1,compress-level=1'),`
	`73`	`+ 'key', 'expect-compress-algo=1')`
	`74`	`+ AS is_same`
	`75`	`+ FROM random_string;`
	`76`	`+ is_same`
	`77`	`+---------`
	`78`	`+ t`
	`79`	`+(1 row)`
	`80`	`+`

`‎contrib/pgcrypto/pgp-compress.c`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -286,7 +286,28 @@ decompress_read(void priv, PullFilter src, int len,`
`286`	`286`
`287`	`287`	`dec->buf_data=dec->buf_len-dec->stream.avail_out;`
`288`	`288`	`if (res==Z_STREAM_END)`
	`289`	`+{`
	`290`	`+uint8*tmp;`
	`291`	`+`
	`292`	`+/*`
	`293`	`+ * A stream must be terminated by a normal packet. If the last stream`
	`294`	`+ * packet in the source stream is a full packet, a normal empty packet`
	`295`	`+ * must follow. Since the underlying packet reader doesn't know that`
	`296`	`+ * the compressed stream has been ended, we need to to consume the`
	`297`	`+ * terminating packet here. This read does not harm even if the`
	`298`	`+ * stream has already ended.`
	`299`	`+ */`
	`300`	`+res=pullf_read(src,1,&tmp);`
	`301`	`+`
	`302`	`+if (res<0)`
	`303`	`+returnres;`
	`304`	`+elseif (res>0)`
	`305`	`+{`
	`306`	`+px_debug("decompress_read: extra bytes after end of stream");`
	`307`	`+returnPXE_PGP_CORRUPT_DATA;`
	`308`	`+}`
`289`	`309`	`dec->eof=1;`
	`310`	`+}`
`290`	`311`	`gotorestart;`
`291`	`312`	`}`
`292`	`313`

`‎contrib/pgcrypto/sql/pgp-compression.sql`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,3 +28,24 @@ select pgp_sym_decrypt(`
`28`	`28`	`pgp_sym_encrypt('Secret message','key',`
`29`	`29`	`'compress-algo=2, compress-level=0'),`
`30`	`30`	`'key','expect-compress-algo=0');`
	`31`	`+`
	`32`	`+-- check corner case involving an input string of 16kB, as per bug #16476.`
	`33`	`+SELECT setseed(0);`
	`34`	`+WITH random_stringAS`
	`35`	`+(`
	`36`	`+-- This generates a random string of 16366 bytes. This is chosen`
	`37`	`+-- as random so that it does not get compressed, and the decompression`
	`38`	`+-- would work on a string with the same length as the origin, making the`
	`39`	`+-- test behavior more predictible. lpad() ensures that the generated`
	`40`	`+-- hexadecimal value is completed by extra zero characters if random()`
	`41`	`+-- has generated a value strictly lower than 16.`
	`42`	`+SELECT string_agg(decode(lpad(to_hex((random()*256)::int),2,'0'),'hex'),'')as bytes`
	`43`	`+FROM generate_series(0,16365)`
	`44`	`+)`
	`45`	`+SELECT bytes=`
	`46`	`+ pgp_sym_decrypt_bytea(`
	`47`	`+ pgp_sym_encrypt_bytea(bytes,'key',`
	`48`	`+'compress-algo=1,compress-level=1'),`
	`49`	`+'key','expect-compress-algo=1')`
	`50`	`+AS is_same`
	`51`	`+FROM random_string;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita3ab7a7

File tree

3 files changed

3 files changed

`‎contrib/pgcrypto/expected/pgp-compression.out`

`‎contrib/pgcrypto/pgp-compress.c`

`‎contrib/pgcrypto/sql/pgp-compression.sql`

0 commit comments