aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Gustafsson <dgustafsson@postgresql.org>2024-01-30 11:15:46 +0100
committerDaniel Gustafsson <dgustafsson@postgresql.org>2024-01-30 11:15:46 +0100
commitb527ebc1d37aa82b771dc9c76111bed1bce35a05 (patch)
tree962fa08088f08ea6ffa26944480321c0f3bf0056
parent4c48c0fe561c2b07831c2a296da637401cb953c6 (diff)
downloadpostgresql-b527ebc1d37aa82b771dc9c76111bed1bce35a05.tar.gz
postgresql-b527ebc1d37aa82b771dc9c76111bed1bce35a05.zip
pgcrypto: Fix check for buffer size
The code copying the PGP block into the temp buffer failed to account for the extra 2 bytes in the buffer which are needed for the prefix. If the block was oversized, subsequent checks of the prefix would have exceeded the buffer size. Since the block sizes are hardcoded in the list of supported ciphers it can be verified that there is no live bug here. Backpatch all the way for consistency though, as this bug is old. Author: Mikhail Gribkov <youzhick@gmail.com> Discussion: https://postgr.es/m/CAMEv5_uWvcMCMdRFDsJLz2Q8g16HEa9xWyfrkr+FYMMFJhawOw@mail.gmail.com Backpatch-through: v12
-rw-r--r--contrib/pgcrypto/pgp-decrypt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
index d12dcad1945..e1ea5b3e58d 100644
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ b/contrib/pgcrypto/pgp-decrypt.c
@@ -250,7 +250,8 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
uint8 tmpbuf[PGP_MAX_BLOCK + 2];
len = pgp_get_cipher_block_size(ctx->cipher_algo);
- if (len > sizeof(tmpbuf))
+ /* Make sure we have space for prefix */
+ if (len > PGP_MAX_BLOCK)
return PXE_BUG;
res = pullf_read_max(src, len + 2, &buf, tmpbuf);