Re: BUG #16476: pgp_sym_encrypt_bytea with compress-level=6 : Wrong key or corrupt data
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Cc: tgl@sss.pgh.pa.us, jeff.janes@gmail.com, frank.gagnepain@intm.fr, pgsql-bugs@lists.postgresql.org
Date: 2020-06-25T06:45:41Z
Lists: pgsql-bugs
Attachments
- crypto.sql (application/x-sql)
- pgcrypto-zlib-v4.patch (text/x-diff) patch v4
On Wed, Jun 24, 2020 at 04:59:21PM +0900, Michael Paquier wrote: > FYI, I have begun looking at this report, and I am reviewing the > proposed patch. Okay. First I found the test case you added a bit hard to parse, so I have refactored it with a CTE in charge of building the random string, with the main query doing the compression/decompression and a check making sure that the original string and the result match. I quite liked the logic with lpad() to append zeros if the computation with random()*256 returned a result less than 16, as well as the use of string_agg() for that purpose to build the string. I have also switched the second arguments of the functions to just use 'key', for readability. Using a random string sounds good to me here. It could always be possible that we finish with something less random, causing it to to become compressed but I'll believe in the rule of chaos here. Then, the fix you are proposing is to simply make sure that all the input from the source stream is properly consumed even after the zlib stream has ended in this corner case thanks to pullf_read(), and that sounds good to me. However, I had an idea slightly different than yours, consisting of simply reading the contents of the source before checking if there is any available in the decompressed buffer (the check on buf_data before the goto restart step). That makes the fix a bit simpler, without changing the logic. I am also attaching an extra script I used to validate this stuff based on the regression test of the patch, that has allowed me to check the logic for random strings up to 33kB, like that for example (this one took 8 mins on my laptop): select count(test_crypto(len)) from generate_series(0, 33000) as len; The inputs and outputs perfectly matched in all my tests, with the 16kB string being the only one failing in the range I have tested on HEAD, test passing with the patch of course. One or more extra pairs of eyes is welcome, so please feel free to look at the version attached. Thanks, -- Michael
Commits
-
Fix corner case with 16kB-long decompression in pgcrypto, take 2
- aaa132a65deb 9.5.23 landed
- 8a60f541f3e4 9.6.19 landed
- 9729f99798af 10.14 landed
- 202fc4ca531e 11.9 landed
- 5bd087eb5d77 12.4 landed
- 0caf1fc6e86a 13.0 landed
- a3ab7a707d9e 14.0 landed
-
Fix ancient violation of zlib's API spec.
- d0519e9fea96 9.5.23 landed
- ccf964a80100 9.6.19 landed
- d8ec3b1263d2 10.14 landed
- 475c69c97662 11.9 landed
- 3d4a778152ec 12.4 landed
- b9b610577d7f 14.0 landed
- 7dab4569d193 13.0 landed
-
Revert "Fix corner case with PGP decompression in pgcrypto"
- 43e21fd8f6e8 9.5.23 landed
- 11c320dcebc0 9.6.19 landed
- 9a3c895084c6 10.14 landed
- 6ae2d925b131 11.9 landed
- e30a63f258f5 12.4 landed
- 9f5162ef43c5 13.0 landed
- 38f60f174e32 14.0 landed
-
Fix corner case with PGP decompression in pgcrypto
- dbf17ca1bfab 9.5.23 landed
- e0cb8282d614 9.6.19 landed
- 5bfd0936b460 10.14 landed
- eceb415c6ff0 11.9 landed
- bba2e66aec4c 12.4 landed
- 35e142202b14 13.0 landed
- 9e108984fb35 14.0 landed