database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-26 01:22:12 +03:00
Code Activity
Files
config
contrib
adminpack
amcheck
auth_delay
auto_explain
bloom
btree_gin
btree_gist
citext
cube
dblink
dict_int
dict_xsyn
earthdistance
file_fdw
fuzzystrmatch
hstore
hstore_plperl
hstore_plpython
intagg
intarray
isn
jsonb_plperl
jsonb_plpython
lo
ltree
ltree_plpython
oid2name
pageinspect
passwordcheck
pg_buffercache
pg_freespacemap
pg_prewarm
pg_standby
pg_stat_statements
pg_trgm
pg_visibility
pgcrypto
expected
sql
3des.sql
blowfish.sql
cast5.sql
crypt-blowfish.sql
crypt-des.sql
crypt-md5.sql
crypt-xdes.sql
des.sql
hmac-md5.sql
hmac-sha1.sql
init.sql
md5.sql
pgp-armor.sql
pgp-compression.sql
pgp-decrypt.sql
pgp-encrypt.sql
pgp-info.sql
pgp-pubkey-decrypt.sql
pgp-pubkey-encrypt.sql
pgp-zlib-DISABLED.sql
rijndael.sql
sha1.sql
sha2.sql
.gitignore
Makefile
blf.c
blf.h
crypt-blowfish.c
crypt-des.c
crypt-gensalt.c
crypt-md5.c
imath.c
imath.h
internal-sha2.c
internal.c
mbuf.c
mbuf.h
md5.c
md5.h
openssl.c
pgcrypto--1.0--1.1.sql
pgcrypto--1.1--1.2.sql
pgcrypto--1.2--1.3.sql
pgcrypto--1.3.sql
pgcrypto--unpackaged--1.0.sql
pgcrypto.c
pgcrypto.control
pgcrypto.h
pgp-armor.c
pgp-cfb.c
pgp-compress.c
pgp-decrypt.c
pgp-encrypt.c
pgp-info.c
pgp-mpi-internal.c
pgp-mpi-openssl.c
pgp-mpi.c
pgp-pgsql.c
pgp-pubdec.c
pgp-pubenc.c
pgp-pubkey.c
pgp-s2k.c
pgp.c
pgp.h
px-crypt.c
px-crypt.h
px-hmac.c
px.c
px.h
rijndael.c
rijndael.h
rijndael.tbl
sha1.c
sha1.h
pgrowlocks
pgstattuple
postgres_fdw
seg
sepgsql
spi
sslinfo
start-scripts
tablefunc
tcn
test_decoding
tsm_system_rows
tsm_system_time
unaccent
uuid-ossp
vacuumlo
xml2
Makefile
README
contrib-global.mk
doc
src
.dir-locals.el
.gitattributes
.gitignore
COPYRIGHT
GNUmakefile.in
HISTORY
Makefile
README
README.git
aclocal.m4
configure
configure.in
777bf92e33515bb6be2f73b6df4096496385bf55
postgres/contrib/pgcrypto/sql/pgp-compression.sql
Michael Paquier 202fc4ca53 Fix corner case with 16kB-long decompression in pgcrypto, take 2 
A compressed stream may end with an empty packet.  In this case
decompression finishes before reading the empty packet and the
remaining stream packet causes a failure in reading the following
data.  This commit makes sure to consume such extra data, avoiding a
failure when decompression the data.  This corner case was reproducible
easily with a data length of 16kB, and existed since e94dd6a.  A cheap
regression test is added to cover this case based on a random,
incompressible string.

The first attempt of this patch has allowed to find an older failure
within the compression logic of pgcrypto, fixed by b9b6105.  This
involved SLES 15 with z390 where a custom flavor of libz gets used.
Bonus thanks to Mark Wong for providing access to the specific
environment.

Reported-by: Frank Gagnepain
Author: Kyotaro Horiguchi, Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/16476-692ef7b84e5fb893@postgresql.org
Backpatch-through: 9.5
2020-07-27 15:59:03 +09:00

52 lines
1.7 KiB
SQL
Raw Blame History

--
-- PGP compression support
--
select pgp_sym_decrypt(dearmor('
-----BEGIN PGP MESSAGE-----
ww0ECQMCsci6AdHnELlh0kQB4jFcVwHMJg0Bulop7m3Mi36s15TAhBo0AnzIrRFrdLVCkKohsS6+
DMcmR53SXfLoDJOv/M8uKj3QSq7oWNIp95pxfA==
=tbSn
-----END PGP MESSAGE-----
'), 'key', 'expect-compress-algo=1');
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=0'),
'key', 'expect-compress-algo=0');
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=1'),
'key', 'expect-compress-algo=1');
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key', 'compress-algo=2'),
'key', 'expect-compress-algo=2');
-- level=0 should turn compression off
select pgp_sym_decrypt(
pgp_sym_encrypt('Secret message', 'key',
'compress-algo=2, compress-level=0'),
'key', 'expect-compress-algo=0');
-- check corner case involving an input string of 16kB, as per bug #16476.
SELECT setseed(0);
WITH random_string AS
(
-- This generates a random string of 16366 bytes. This is chosen
-- as random so that it does not get compressed, and the decompression
-- would work on a string with the same length as the origin, making the
-- test behavior more predictible. lpad() ensures that the generated
-- hexadecimal value is completed by extra zero characters if random()
-- has generated a value strictly lower than 16.
SELECT string_agg(decode(lpad(to_hex((random()*256)::int), 2, '0'), 'hex'), '') as bytes
FROM generate_series(0, 16365)
)
SELECT bytes =
pgp_sym_decrypt_bytea(
pgp_sym_encrypt_bytea(bytes, 'key',
'compress-algo=1,compress-level=1'),
'key', 'expect-compress-algo=1')
AS is_same
FROM random_string;
View Git Blame Copy Permalink