Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)
Kyotaro Horiguchi <horikyota.ntt@gmail.com>
From: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
To: ranier.vf@gmail.com
Cc: pgsql-hackers@postgresql.org
Date: 2021-02-10T03:13:44Z
Lists: pgsql-hackers
At Tue, 9 Feb 2021 22:01:45 -0300, Ranier Vilela <ranier.vf@gmail.com> wrote in
> Hi Hackers,
>
> Per Coverity.
>
> Coverity complaints about pg_cryptohash_final function.
> And I agree with Coverity, it's a bad design.
> Its allows this:
>
> #define MY_RESULT_LENGTH 32
>
> function pgtest(char * buffer, char * text) {
> pg_cryptohash_ctx *ctx;
> uint8 digest[MY_RESULT_LENGTH];
>
> ctx = pg_cryptohash_create(PG_SHA512);
> pg_cryptohash_init(ctx);
> pg_cryptohash_update(ctx, (uint8 *) buffer, text);
> pg_cryptohash_final(ctx, digest); // <-- CID 1446240 (#1 of 1):
> Out-of-bounds access (OVERRUN)
> pg_cryptohash_free(ctx);
> return
> }
>
> Attached has a patch with suggestions to make things better.
I'm not sure about the details, but it looks like broken.
make complains for inconsistent prototypes abd cryptohahs.c and sha1.c
doesn't seem to agree on its interface.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
Commits
-
Add result size as argument of pg_cryptohash_final() for overflow checks
- b83dcf792869 14.0 landed