Re: Wrong buffer limits check
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Mikhail Gribkov <youzhick@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-01-29T14:09:57Z
Lists: pgsql-hackers
> On 29 Jan 2024, at 14:37, Mikhail Gribkov <youzhick@gmail.com> wrote: > I have tried to analyse Postgres code with Svace static analyzer [1] and found something I think is a real bug. > > In pgp-decrypt.c, in prefix_init function the following check: > if (len > sizeof(tmpbuf)) > > seem to be erroneous and should really look this way: > if (len > PGP_MAX_BLOCK) Studying the code I think you're right, we should be ensuring that the cipher block size isn't exceeding PGP_MAX_BLOCK. In practice it seems night impossible to hit given the ciphers in cipher_list, but we should still fix it. Unsurprisingly this seems to have been there forever (since July 2005) so needs to be backpatched to all supported branches for the sake of consistency -- Daniel Gustafsson
Commits
-
pgcrypto: Fix check for buffer size
- f74b5c5bc67c 15.6 landed
- c29022164f8a 12.18 landed
- b527ebc1d37a 17.0 landed
- 5d726c72cd0f 16.2 landed
- 54717fcaad75 14.11 landed
- 375d30bcbbd0 13.14 landed