author Daniel Gustafsson <dgustafsson@postgresql.org> 2024-01-30 11:15:46 +0100
committer Daniel Gustafsson <dgustafsson@postgresql.org> 2024-01-30 11:15:46 +0100
commit c29022164f8a25d7b22763374c10a0c8311abcff
tree f020bcf90d9202b56beda02e9ca18a1efb367478
parent dff1756c392ec7e3ac9b0b4bb2112a594765902a
pgcrypto: Fix check for buffer size

The code copying the PGP block into the temp buffer failed to account for the extra 2 bytes in the buffer which are needed for the prefix. If the block was oversized, subsequent checks of the prefix would have exceeded the buffer size. Since the block sizes are hardcoded in the list of supported ciphers it can be verified that there is no live bug here. Backpatch all the way for consistency though, as this bug is old.

Author: Mikhail Gribkov <youzhick@gmail.com>
Discussion: https://postgr.es/m/CAMEv5_uWvcMCMdRFDsJLz2Q8g16HEa9xWyfrkr+FYMMFJhawOw@mail.gmail.com
Backpatch-through: v12
-rw-r--r-- contrib/pgcrypto/pgp-decrypt.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
index 7d8951cda41..965f4c92b20 100644
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ b/contrib/pgcrypto/pgp-decrypt.c
@@ -250,7 +250,8 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
uint8 tmpbuf[PGP_MAX_BLOCK + 2];
len = pgp_get_cipher_block_size(ctx->cipher_algo);
- if (len > sizeof(tmpbuf))
+ /* Make sure we have space for prefix */
+ if (len > PGP_MAX_BLOCK)
return PXE_BUG;
res = pullf_read_max(src, len + 2, &buf, tmpbuf);
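Review bot: the new bound in `if (len > PGP_MAX_BLOCK)` is only correct while `tmpbuf` stays declared as `PGP_MAX_BLOCK + 2`, and the literal 2 now lives separately in the declaration and in the `pullf_read_max(src, len + 2, ...)` call. Consider tying the check to the buffer itself, for example `if (len + 2 > sizeof(tmpbuf))`, or naming the prefix length as a constant shared by the declaration, the check and the read, so the three cannot drift apart again. The added comment would also be clearer if it said that the prefix is the 2 extra bytes requested by `len + 2`.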