Fix buffer overrun after incomplete read in pullf_read_max().

author Noah Misch <noah@leadboat.com>

Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)

committer Noah Misch <noah@leadboat.com>

Mon, 2 Feb 2015 15:00:51 +0000 (10:00 -0500)
author Noah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committer Noah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:51 +0000 (10:00 -0500)
diff --git a/contrib/pgcrypto/expected/pgp-info.out b/contrib/pgcrypto/expected/pgp-info.out

index 1fe008890fbd1e273415f7a0e74fbaeaa9af3979..90648383730c0f2cac5dbcccc2974fd017d14155 100644 (file)
--- a/contrib/pgcrypto/expected/pgp-info.out
+++ b/contrib/pgcrypto/expected/pgp-info.out
@@ -74,5 +74,6 @@ from encdata order by id;
   2C226E1FFE5CC7D4
   B68504FD128E1FF9
   FD0206C409B74875
-(4 rows)
+ FD0206C409B74875
+(5 rows)
  
diff --git a/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out b/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out

index 61e09b9a86cbfee3cbbdeabbf72c97b72d84b41e..d290a1349f96f22774429291a380259b2428be66 100644 (file)
--- a/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
+++ b/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
@@ -564,6 +564,27 @@ GQ==
  =XHkF
  -----END PGP MESSAGE-----
  ');
+-- rsaenc2048 / aes128 (not from gnupg)
+insert into encdata (id, data) values (5, '
+-----BEGIN PGP MESSAGE-----
+
+wcBMA/0CBsQJt0h1AQgAzxZ8j+OTeZ8IlLxfZ/mVd28/gUsCY+xigWBk/anZlK3T
+p2tNU2idHzKdAttH2Hu/PWbZp4kwjl9spezYxMqCeBZqtfGED88Y+rqK0n/ul30A
+7jjFHaw0XUOqFNlST1v6H2i7UXndnp+kcLfHPhnO5BIYWxB2CYBehItqtrn75eqr
+C7trGzU/cr74efcWagbCDSNjiAV7GlEptlzmgVMmNikyI6w0ojEUx8lCLc/OsFz9
+pJUAX8xuwjxDVv+W7xk6c96grQiQlm+FLDYGiGNXoAzx3Wi/howu3uV40dXfY+jx
+3WBrhEew5Pkpt1SsWoFnJWOfJ8GLd0ec8vfRCqAIVdLgAeS7NyawQYtd6wuVrEAj
+5SMg4Thb4d+g45RksuGLHUUr4qO9tiXglODa4InhmJfgNuLk+RGz4LXjq8wepEmW
+vRbgFOG54+Cf4C/gC+HkreDm5JKSKjvvw4B/jC6CDxq+JoziEe2Z1uEjCuEcr+Es
+/eGzeOi36BejXPMHeKxXejj5qBBHKV0pHVhZSgffR0TtlXdB967Yl/5agV0R89hI
+7Gw52emfnH4Z0Y4V0au2H0k1dR/2IxXdJEWSTG7Be1JHT59p9ei2gSEOrdBMIOjP
+tbYYUlmmbvD49bHfThkDiC+oc9947LgQsk3kOOLbNHcjkbrjH8R5kjII4m/SEZA1
+g09T+338SzevBcVXh/cFrQ6/Et+lyyO2LJRUMs69g/HyzJOVWT2Iu8E0eS9MWevY
+Qtrkrhrpkl3Y02qEp/j6M03Yu2t6ZF7dp51aJ5VhO2mmmtHaTnCyCc8Fcf72LmD8
+blH2nKZC9d6fi4YzSYMepZpMOFR65M80MCMiDUGnZBB8sEADu2/iVtqDUeG8mAA=
+=PHJ1
+-----END PGP MESSAGE-----
+');
  -- successful decrypt
  select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
  from keytbl, encdata where keytbl.id=1 and encdata.id=1;
@@ -629,3 +650,7 @@ from keytbl, encdata where keytbl.id=5 and encdata.id=1;
   Secret msg
  (1 row)
  
+-- test for a short read from prefix_init
+select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+from keytbl, encdata where keytbl.id=6 and encdata.id=5;
+ERROR:  Wrong key or corrupt data
diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c

index 6124e4513c7cba62777a51df55548c9489efd9dd..c59691ed2cc2424908e06f44ad0ef1419ef9bdd6 100644 (file)
--- a/contrib/pgcrypto/mbuf.c
+++ b/contrib/pgcrypto/mbuf.c
@@ -305,6 +305,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
                         break;
                 memcpy(tmpbuf + total, tmp, res);
                 total += res;
+               len -= res;
         }
         return total;
  }
diff --git a/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql b/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql

index f8495d1e540efa3753613017b63141e4b977efb6..3f2bae9e40bd473e697da17be9cdea1f73834ab6 100644 (file)
--- a/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
+++ b/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
@@ -579,6 +579,28 @@ GQ==
  -----END PGP MESSAGE-----
  ');
  
+-- rsaenc2048 / aes128 (not from gnupg)
+insert into encdata (id, data) values (5, '
+-----BEGIN PGP MESSAGE-----
+
+wcBMA/0CBsQJt0h1AQgAzxZ8j+OTeZ8IlLxfZ/mVd28/gUsCY+xigWBk/anZlK3T
+p2tNU2idHzKdAttH2Hu/PWbZp4kwjl9spezYxMqCeBZqtfGED88Y+rqK0n/ul30A
+7jjFHaw0XUOqFNlST1v6H2i7UXndnp+kcLfHPhnO5BIYWxB2CYBehItqtrn75eqr
+C7trGzU/cr74efcWagbCDSNjiAV7GlEptlzmgVMmNikyI6w0ojEUx8lCLc/OsFz9
+pJUAX8xuwjxDVv+W7xk6c96grQiQlm+FLDYGiGNXoAzx3Wi/howu3uV40dXfY+jx
+3WBrhEew5Pkpt1SsWoFnJWOfJ8GLd0ec8vfRCqAIVdLgAeS7NyawQYtd6wuVrEAj
+5SMg4Thb4d+g45RksuGLHUUr4qO9tiXglODa4InhmJfgNuLk+RGz4LXjq8wepEmW
+vRbgFOG54+Cf4C/gC+HkreDm5JKSKjvvw4B/jC6CDxq+JoziEe2Z1uEjCuEcr+Es
+/eGzeOi36BejXPMHeKxXejj5qBBHKV0pHVhZSgffR0TtlXdB967Yl/5agV0R89hI
+7Gw52emfnH4Z0Y4V0au2H0k1dR/2IxXdJEWSTG7Be1JHT59p9ei2gSEOrdBMIOjP
+tbYYUlmmbvD49bHfThkDiC+oc9947LgQsk3kOOLbNHcjkbrjH8R5kjII4m/SEZA1
+g09T+338SzevBcVXh/cFrQ6/Et+lyyO2LJRUMs69g/HyzJOVWT2Iu8E0eS9MWevY
+Qtrkrhrpkl3Y02qEp/j6M03Yu2t6ZF7dp51aJ5VhO2mmmtHaTnCyCc8Fcf72LmD8
+blH2nKZC9d6fi4YzSYMepZpMOFR65M80MCMiDUGnZBB8sEADu2/iVtqDUeG8mAA=
+=PHJ1
+-----END PGP MESSAGE-----
+');
+
  -- successful decrypt
  select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
  from keytbl, encdata where keytbl.id=1 and encdata.id=1;
@@ -619,3 +641,7 @@ from keytbl, encdata where keytbl.id=5 and encdata.id=1;
  -- password-protected secret key, right password
  select pgp_pub_decrypt(dearmor(data), dearmor(seckey), 'parool')
  from keytbl, encdata where keytbl.id=5 and encdata.id=1;
+
+-- test for a short read from prefix_init
+select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+from keytbl, encdata where keytbl.id=6 and encdata.id=5;
author	Noah Misch <noah@leadboat.com>
	Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committer	Noah Misch <noah@leadboat.com>
	Mon, 2 Feb 2015 15:00:51 +0000 (10:00 -0500)
contrib/pgcrypto/expected/pgp-info.out		patch \| blob \| history
contrib/pgcrypto/expected/pgp-pubkey-decrypt.out		patch \| blob \| history
contrib/pgcrypto/mbuf.c		patch \| blob \| history
contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql		patch \| blob \| history