NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb83dcf7

committed

Add result size as argument of pg_cryptohash_final() for overflow checks

With its current design, a careless use of pg_cryptohash_final() couldwould result in an out-of-bound write in memory as the size of thedestination buffer to store the result digest is not known to thecryptohash internals, without the caller knowing about that. Thiscommit adds a new argument to pg_cryptohash_final() to allow such sanitychecks, and implements such defenses.The internals of SCRAM for HMAC could be tightened a bit more, but aseverything is based on SCRAM_KEY_LEN with uses particular to this codethere is no need to complicate its interface more than necessary, andthis comes back to the refactoring of HMAC in core. Except that, thisminimizes the uses of the existing DIGEST_LENGTH variables, relyinginstead on sizeof() for the result sizes. In ossp-uuid, this also makesthe code more defensive, as it already relied on dce_uuid_t being atleast the size of a MD5 digest.This is in philosophy similar tocfc40d3 for base64.c andaef8948 forhex.c.Reported-by: Ranier VilelaAuthor: Michael Paquier, Ranier VilelaReviewed-by: Kyotaro HoriguchiDiscussion:https://postgr.es/m/CAEudQAoqEGmcff3J4sTSV-R_16Monuz-UpJFbf_dnVH=APr02Q@mail.gmail.com

1 parent2dd6733 commitb83dcf7Copy full SHA for b83dcf7

File tree

13 files changed

+82

-31

lines changed

contrib
- pgcrypto
  - internal-sha2.c
  - internal.c
- uuid-ossp
  - uuid-ossp.c
src
- backend
  - libpq
    - auth-scram.c
  - replication
    - backup_manifest.c
  - utils/adt
    - cryptohashfuncs.c
- bin/pg_verifybackup
  - parse_manifest.c
- common
- include/common
  - cryptohash.h

13 files changed

+82

-31

lines changed

`‎contrib/pgcrypto/internal-sha2.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ int_sha2_finish(PX_MD h, uint8 dst)`
`118`	`118`	`{`
`119`	`119`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`120`	`120`
`121`		`-if (pg_cryptohash_final(ctx,dst)<0)`
	`121`	`+if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`122`	`122`	`elog(ERROR,"could not finalize %s context","SHA2");`
`123`	`123`	`}`
`124`	`124`

`‎contrib/pgcrypto/internal.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ int_md5_finish(PX_MD h, uint8 dst)`
`106`	`106`	`{`
`107`	`107`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`108`	`108`
`109`		`-if (pg_cryptohash_final(ctx,dst)<0)`
	`109`	`+if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`110`	`110`	`elog(ERROR,"could not finalize %s context","MD5");`
`111`	`111`	`}`
`112`	`112`
`@@ -156,7 +156,7 @@ int_sha1_finish(PX_MD h, uint8 dst)`
`156`	`156`	`{`
`157`	`157`	`pg_cryptohash_ctxctx= (pg_cryptohash_ctx)h->p.ptr;`
`158`	`158`
`159`		`-if (pg_cryptohash_final(ctx,dst)<0)`
	`159`	`+if (pg_cryptohash_final(ctx,dst,h->result_size(h))<0)`
`160`	`160`	`elog(ERROR,"could not finalize %s context","SHA1");`
`161`	`161`	`}`
`162`	`162`

`‎contrib/uuid-ossp/uuid-ossp.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,8 @@ uuid_generate_internal(int v, unsigned char ns, const char ptr, int len)`
`324`	`324`	`pg_cryptohash_update(ctx, (unsignedchar*)ptr,len)<0)`
`325`	`325`	`elog(ERROR,"could not update %s context","MD5");`
`326`	`326`	`/* we assume sizeof MD5 result is 16, same as UUID size */`
`327`		`-if (pg_cryptohash_final(ctx, (unsignedchar*)&uu)<0)`
	`327`	`+if (pg_cryptohash_final(ctx, (unsignedchar*)&uu,`
	`328`	`+sizeof(uu))<0)`
`328`	`329`	`elog(ERROR,"could not finalize %s context","MD5");`
`329`	`330`	`pg_cryptohash_free(ctx);`
`330`	`331`	`}`
`@@ -338,7 +339,7 @@ uuid_generate_internal(int v, unsigned char ns, const char ptr, int len)`
`338`	`339`	`if (pg_cryptohash_update(ctx,ns,sizeof(uu))<0\|\|`
`339`	`340`	`pg_cryptohash_update(ctx, (unsignedchar*)ptr,len)<0)`
`340`	`341`	`elog(ERROR,"could not update %s context","SHA1");`
`341`		`-if (pg_cryptohash_final(ctx,sha1result)<0)`
	`342`	`+if (pg_cryptohash_final(ctx,sha1result,sizeof(sha1result))<0)`
`342`	`343`	`elog(ERROR,"could not finalize %s context","SHA1");`
`343`	`344`	`pg_cryptohash_free(ctx);`
`344`	`345`

`‎src/backend/libpq/auth-scram.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1429,7 +1429,7 @@ scram_mock_salt(const char *username)`
`1429`	`1429`	`if (pg_cryptohash_init(ctx)<0\|\|`
`1430`	`1430`	`pg_cryptohash_update(ctx, (uint8*)username,strlen(username))<0\|\|`
`1431`	`1431`	`pg_cryptohash_update(ctx, (uint8*)mock_auth_nonce,MOCK_AUTH_NONCE_LEN)<0\|\|`
`1432`		`-pg_cryptohash_final(ctx,sha_digest)<0)`
	`1432`	`+pg_cryptohash_final(ctx,sha_digest,sizeof(sha_digest))<0)`
`1433`	`1433`	`{`
`1434`	`1434`	`pg_cryptohash_free(ctx);`
`1435`	`1435`	`returnNULL;`

`‎src/backend/replication/backup_manifest.c`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -330,12 +330,13 @@ SendBackupManifest(backup_manifest_info *manifest)`
`330`	`330`	`* twice.`
`331`	`331`	`*/`
`332`	`332`	`manifest->still_checksumming= false;`
`333`		`-if (pg_cryptohash_final(manifest->manifest_ctx,checksumbuf)<0)`
	`333`	`+if (pg_cryptohash_final(manifest->manifest_ctx,checksumbuf,`
	`334`	`+sizeof(checksumbuf))<0)`
`334`	`335`	`elog(ERROR,"failed to finalize checksum of backup manifest");`
`335`	`336`	`AppendStringToManifest(manifest,"\"Manifest-Checksum\": \"");`
`336`		`-dstlen=pg_hex_enc_len(PG_SHA256_DIGEST_LENGTH);`
	`337`	`+dstlen=pg_hex_enc_len(sizeof(checksumbuf));`
`337`	`338`	`checksumstringbuf=palloc0(dstlen+1);/* includes \0 */`
`338`		`-pg_hex_encode((char*)checksumbuf,sizeofchecksumbuf,`
	`339`	`+pg_hex_encode((char*)checksumbuf,sizeof(checksumbuf),`
`339`	`340`	`checksumstringbuf,dstlen);`
`340`	`341`	`checksumstringbuf[dstlen]='\0';`
`341`	`342`	`AppendStringToManifest(manifest,checksumstringbuf);`

`‎src/backend/utils/adt/cryptohashfuncs.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,8 @@ cryptohash_internal(pg_cryptohash_type type, bytea *input)`
`114`	`114`	`elog(ERROR,"could not initialize %s context",typestr);`
`115`	`115`	`if (pg_cryptohash_update(ctx,data,len)<0)`
`116`	`116`	`elog(ERROR,"could not update %s context",typestr);`
`117`		`-if (pg_cryptohash_final(ctx, (unsignedchar*)VARDATA(result))<0)`
	`117`	`+if (pg_cryptohash_final(ctx, (unsignedchar*)VARDATA(result),`
	`118`	`+digest_len)<0)`
`118`	`119`	`elog(ERROR,"could not finalize %s context",typestr);`
`119`	`120`	`pg_cryptohash_free(ctx);`
`120`	`121`

`‎src/bin/pg_verifybackup/parse_manifest.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -659,7 +659,8 @@ verify_manifest_checksum(JsonManifestParseState parse, char buffer,`
`659`	`659`	`context->error_cb(context,"could not initialize checksum of manifest");`
`660`	`660`	`if (pg_cryptohash_update(manifest_ctx, (uint8*)buffer,penultimate_newline+1)<0)`
`661`	`661`	`context->error_cb(context,"could not update checksum of manifest");`
`662`		`-if (pg_cryptohash_final(manifest_ctx,manifest_checksum_actual)<0)`
	`662`	`+if (pg_cryptohash_final(manifest_ctx,manifest_checksum_actual,`
	`663`	`+sizeof(manifest_checksum_actual))<0)`
`663`	`664`	`context->error_cb(context,"could not finalize checksum of manifest");`
`664`	`665`
`665`	`666`	`/* Now verify it. */`

`‎src/common/checksum_helper.c`

Lines changed: 12 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -198,28 +198,32 @@ pg_checksum_final(pg_checksum_context context, uint8 output)`
`198`	`198`	`memcpy(output,&context->raw_context.c_crc32c,retval);`
`199`	`199`	`break;`
`200`	`200`	`caseCHECKSUM_TYPE_SHA224:`
`201`		`-if (pg_cryptohash_final(context->raw_context.c_sha2,output)<0)`
	`201`	`+retval=PG_SHA224_DIGEST_LENGTH;`
	`202`	`+if (pg_cryptohash_final(context->raw_context.c_sha2,`
	`203`	`+output,retval)<0)`
`202`	`204`	`return-1;`
`203`	`205`	`pg_cryptohash_free(context->raw_context.c_sha2);`
`204`		`-retval=PG_SHA224_DIGEST_LENGTH;`
`205`	`206`	`break;`
`206`	`207`	`caseCHECKSUM_TYPE_SHA256:`
`207`		`-if (pg_cryptohash_final(context->raw_context.c_sha2,output)<0)`
	`208`	`+retval=PG_SHA256_DIGEST_LENGTH;`
	`209`	`+if (pg_cryptohash_final(context->raw_context.c_sha2,`
	`210`	`+output,retval)<0)`
`208`	`211`	`return-1;`
`209`	`212`	`pg_cryptohash_free(context->raw_context.c_sha2);`
`210`		`-retval=PG_SHA256_DIGEST_LENGTH;`
`211`	`213`	`break;`
`212`	`214`	`caseCHECKSUM_TYPE_SHA384:`
`213`		`-if (pg_cryptohash_final(context->raw_context.c_sha2,output)<0)`
	`215`	`+retval=PG_SHA384_DIGEST_LENGTH;`
	`216`	`+if (pg_cryptohash_final(context->raw_context.c_sha2,`
	`217`	`+output,retval)<0)`
`214`	`218`	`return-1;`
`215`	`219`	`pg_cryptohash_free(context->raw_context.c_sha2);`
`216`		`-retval=PG_SHA384_DIGEST_LENGTH;`
`217`	`220`	`break;`
`218`	`221`	`caseCHECKSUM_TYPE_SHA512:`
`219`		`-if (pg_cryptohash_final(context->raw_context.c_sha2,output)<0)`
	`222`	`+retval=PG_SHA512_DIGEST_LENGTH;`
	`223`	`+if (pg_cryptohash_final(context->raw_context.c_sha2,`
	`224`	`+output,retval)<0)`
`220`	`225`	`return-1;`
`221`	`226`	`pg_cryptohash_free(context->raw_context.c_sha2);`
`222`		`-retval=PG_SHA512_DIGEST_LENGTH;`
`223`	`227`	`break;`
`224`	`228`	`}`
`225`	`229`

`‎src/common/cryptohash.c`

Lines changed: 16 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -160,34 +160,46 @@ pg_cryptohash_update(pg_cryptohash_ctx ctx, const uint8 data, size_t len)`
`160`	`160`	`/*`
`161`	`161`	`* pg_cryptohash_final`
`162`	`162`	`*`
`163`		`- * Finalize a hash context. Note that this implementation is designed`
`164`		`- *tonever fail, so this always returns 0 except if thecaller has`
`165`		`- *given a NULL context.`
	`163`	`+ * Finalize a hash context. Note that this implementation is designed to`
	`164`	`+ * never fail, so this always returns 0 except if thedestination buffer`
	`165`	`+ *is not large enough.`
`166`	`166`	`*/`
`167`	`167`	`int`
`168`		`-pg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest)`
	`168`	`+pg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest,size_tlen)`
`169`	`169`	`{`
`170`	`170`	`if (ctx==NULL)`
`171`	`171`	`return-1;`
`172`	`172`
`173`	`173`	`switch (ctx->type)`
`174`	`174`	`{`
`175`	`175`	`casePG_MD5:`
	`176`	`+if (len<MD5_DIGEST_LENGTH)`
	`177`	`+return-1;`
`176`	`178`	`pg_md5_final(&ctx->data.md5,dest);`
`177`	`179`	`break;`
`178`	`180`	`casePG_SHA1:`
	`181`	`+if (len<SHA1_DIGEST_LENGTH)`
	`182`	`+return-1;`
`179`	`183`	`pg_sha1_final(&ctx->data.sha1,dest);`
`180`	`184`	`break;`
`181`	`185`	`casePG_SHA224:`
	`186`	`+if (len<PG_SHA224_DIGEST_LENGTH)`
	`187`	`+return-1;`
`182`	`188`	`pg_sha224_final(&ctx->data.sha224,dest);`
`183`	`189`	`break;`
`184`	`190`	`casePG_SHA256:`
	`191`	`+if (len<PG_SHA256_DIGEST_LENGTH)`
	`192`	`+return-1;`
`185`	`193`	`pg_sha256_final(&ctx->data.sha256,dest);`
`186`	`194`	`break;`
`187`	`195`	`casePG_SHA384:`
	`196`	`+if (len<PG_SHA384_DIGEST_LENGTH)`
	`197`	`+return-1;`
`188`	`198`	`pg_sha384_final(&ctx->data.sha384,dest);`
`189`	`199`	`break;`
`190`	`200`	`casePG_SHA512:`
	`201`	`+if (len<PG_SHA512_DIGEST_LENGTH)`
	`202`	`+return-1;`
`191`	`203`	`pg_sha512_final(&ctx->data.sha512,dest);`
`192`	`204`	`break;`
`193`	`205`	`}`

`‎src/common/cryptohash_openssl.c`

Lines changed: 32 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@`
`24`	`24`	`#include<openssl/evp.h>`
`25`	`25`
`26`	`26`	`#include"common/cryptohash.h"`
	`27`	`+#include"common/md5.h"`
	`28`	`+#include"common/sha1.h"`
	`29`	`+#include"common/sha2.h"`
`27`	`30`	`#ifndefFRONTEND`
`28`	`31`	`#include"utils/memutils.h"`
`29`	`32`	`#include"utils/resowner.h"`
`@@ -181,13 +184,41 @@ pg_cryptohash_update(pg_cryptohash_ctx ctx, const uint8 data, size_t len)`
`181`	`184`	`* Finalize a hash context. Returns 0 on success, and -1 on failure.`
`182`	`185`	`*/`
`183`	`186`	`int`
`184`		`-pg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest)`
	`187`	`+pg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest,size_tlen)`
`185`	`188`	`{`
`186`	`189`	`intstatus=0;`
`187`	`190`
`188`	`191`	`if (ctx==NULL)`
`189`	`192`	`return-1;`
`190`	`193`
	`194`	`+switch (ctx->type)`
	`195`	`+{`
	`196`	`+casePG_MD5:`
	`197`	`+if (len<MD5_DIGEST_LENGTH)`
	`198`	`+return-1;`
	`199`	`+break;`
	`200`	`+casePG_SHA1:`
	`201`	`+if (len<SHA1_DIGEST_LENGTH)`
	`202`	`+return-1;`
	`203`	`+break;`
	`204`	`+casePG_SHA224:`
	`205`	`+if (len<PG_SHA224_DIGEST_LENGTH)`
	`206`	`+return-1;`
	`207`	`+break;`
	`208`	`+casePG_SHA256:`
	`209`	`+if (len<PG_SHA256_DIGEST_LENGTH)`
	`210`	`+return-1;`
	`211`	`+break;`
	`212`	`+casePG_SHA384:`
	`213`	`+if (len<PG_SHA384_DIGEST_LENGTH)`
	`214`	`+return-1;`
	`215`	`+break;`
	`216`	`+casePG_SHA512:`
	`217`	`+if (len<PG_SHA512_DIGEST_LENGTH)`
	`218`	`+return-1;`
	`219`	`+break;`
	`220`	`+}`
	`221`	`+`
`191`	`222`	`status=EVP_DigestFinal_ex(ctx->evpctx,dest,0);`
`192`	`223`
`193`	`224`	`/* OpenSSL internals return 1 on success, 0 on failure */`

`‎src/common/md5_common.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ pg_md5_hash(const void buff, size_t len, char hexsum)`
`78`	`78`
`79`	`79`	`if (pg_cryptohash_init(ctx)<0\|\|`
`80`	`80`	`pg_cryptohash_update(ctx,buff,len)<0\|\|`
`81`		`-pg_cryptohash_final(ctx,sum)<0)`
	`81`	`+pg_cryptohash_final(ctx,sum,sizeof(sum))<0)`
`82`	`82`	`{`
`83`	`83`	`pg_cryptohash_free(ctx);`
`84`	`84`	`return false;`
`@@ -100,7 +100,7 @@ pg_md5_binary(const void buff, size_t len, void outbuf)`
`100`	`100`
`101`	`101`	`if (pg_cryptohash_init(ctx)<0\|\|`
`102`	`102`	`pg_cryptohash_update(ctx,buff,len)<0\|\|`
`103`		`-pg_cryptohash_final(ctx,outbuf)<0)`
	`103`	`+pg_cryptohash_final(ctx,outbuf,MD5_DIGEST_LENGTH)<0)`
`104`	`104`	`{`
`105`	`105`	`pg_cryptohash_free(ctx);`
`106`	`106`	`return false;`

`‎src/common/scram-common.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ scram_HMAC_init(scram_HMAC_ctx ctx, const uint8 key, int keylen)`
`51`	`51`	`return-1;`
`52`	`52`	`if (pg_cryptohash_init(sha256_ctx)<0\|\|`
`53`	`53`	`pg_cryptohash_update(sha256_ctx,key,keylen)<0\|\|`
`54`		`-pg_cryptohash_final(sha256_ctx,keybuf)<0)`
	`54`	`+pg_cryptohash_final(sha256_ctx,keybuf,sizeof(keybuf))<0)`
`55`	`55`	`{`
`56`	`56`	`pg_cryptohash_free(sha256_ctx);`
`57`	`57`	`return-1;`
`@@ -112,7 +112,7 @@ scram_HMAC_final(uint8 result, scram_HMAC_ctx ctx)`
`112`	`112`
`113`	`113`	`Assert(ctx->sha256ctx!=NULL);`
`114`	`114`
`115`		`-if (pg_cryptohash_final(ctx->sha256ctx,h)<0)`
	`115`	`+if (pg_cryptohash_final(ctx->sha256ctx,h,sizeof(h))<0)`
`116`	`116`	`{`
`117`	`117`	`pg_cryptohash_free(ctx->sha256ctx);`
`118`	`118`	`return-1;`
`@@ -122,7 +122,7 @@ scram_HMAC_final(uint8 result, scram_HMAC_ctx ctx)`
`122`	`122`	`if (pg_cryptohash_init(ctx->sha256ctx)<0\|\|`
`123`	`123`	`pg_cryptohash_update(ctx->sha256ctx,ctx->k_opad,SHA256_HMAC_B)<0\|\|`
`124`	`124`	`pg_cryptohash_update(ctx->sha256ctx,h,SCRAM_KEY_LEN)<0\|\|`
`125`		`-pg_cryptohash_final(ctx->sha256ctx,result)<0)`
	`125`	`+pg_cryptohash_final(ctx->sha256ctx,result,SCRAM_KEY_LEN)<0)`
`126`	`126`	`{`
`127`	`127`	`pg_cryptohash_free(ctx->sha256ctx);`
`128`	`128`	`return-1;`
`@@ -202,7 +202,7 @@ scram_H(const uint8 input, int len, uint8 result)`
`202`	`202`
`203`	`203`	`if (pg_cryptohash_init(ctx)<0\|\|`
`204`	`204`	`pg_cryptohash_update(ctx,input,len)<0\|\|`
`205`		`-pg_cryptohash_final(ctx,result)<0)`
	`205`	`+pg_cryptohash_final(ctx,result,SCRAM_KEY_LEN)<0)`
`206`	`206`	`{`
`207`	`207`	`pg_cryptohash_free(ctx);`
`208`	`208`	`return-1;`

`‎src/include/common/cryptohash.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ typedef struct pg_cryptohash_ctx pg_cryptohash_ctx;`
`32`	`32`	`externpg_cryptohash_ctx*pg_cryptohash_create(pg_cryptohash_typetype);`
`33`	`33`	`externintpg_cryptohash_init(pg_cryptohash_ctx*ctx);`
`34`	`34`	`externintpg_cryptohash_update(pg_cryptohash_ctxctx,constuint8data,size_tlen);`
`35`		`-externintpg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest);`
	`35`	`+externintpg_cryptohash_final(pg_cryptohash_ctxctx,uint8dest,size_tlen);`
`36`	`36`	`externvoidpg_cryptohash_free(pg_cryptohash_ctx*ctx);`
`37`	`37`
`38`	`38`	`#endif/* PG_CRYPTOHASH_H */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb83dcf7

File tree

13 files changed

13 files changed

`‎contrib/pgcrypto/internal-sha2.c`

`‎contrib/pgcrypto/internal.c`

`‎contrib/uuid-ossp/uuid-ossp.c`

`‎src/backend/libpq/auth-scram.c`

`‎src/backend/replication/backup_manifest.c`

`‎src/backend/utils/adt/cryptohashfuncs.c`

`‎src/bin/pg_verifybackup/parse_manifest.c`

`‎src/common/checksum_helper.c`

`‎src/common/cryptohash.c`

`‎src/common/cryptohash_openssl.c`

`‎src/common/md5_common.c`

`‎src/common/scram-common.c`

`‎src/include/common/cryptohash.h`

0 commit comments