From eceb415c6ff0eb2494f90397433a966a182f3908 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Wed, 22 Jul 2020 14:52:50 +0900 Subject: Fix corner case with PGP decompression in pgcrypto A compressed stream may end with an empty packet, and PGP decompression finished before reading this empty packet in the remaining stream. This caused a failure in pgcrypto, handling this case as corrupted data. This commit makes sure to consume such extra data, avoiding a failure when decompression the entire stream. This corner case was reproducible with a data length of 16kB, and existed since its introduction in e94dd6a. A cheap regression test is added to cover this case. Thanks to Jeff Janes for the extra investigation. Reported-by: Frank Gagnepain Author: Kyotaro Horiguchi, Michael Paquier Discussion: https://postgr.es/m/16476-692ef7b84e5fb893@postgresql.org Backpatch-through: 9.5 --- contrib/pgcrypto/pgp-compress.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'contrib/pgcrypto/pgp-compress.c') diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c index 57efe733386..631caa13693 100644 --- a/contrib/pgcrypto/pgp-compress.c +++ b/contrib/pgcrypto/pgp-compress.c @@ -244,6 +244,17 @@ decompress_read(void *priv, PullFilter *src, int len, struct DecomprData *dec = priv; restart: + if (dec->stream.avail_in == 0) + { + uint8 *tmp; + + res = pullf_read(src, 8192, &tmp); + if (res < 0) + return res; + dec->stream.next_in = tmp; + dec->stream.avail_in = res; + } + if (dec->buf_data > 0) { if (len > dec->buf_data) @@ -257,17 +268,6 @@ restart: if (dec->eof) return 0; - if (dec->stream.avail_in == 0) - { - uint8 *tmp; - - res = pullf_read(src, 8192, &tmp); - if (res < 0) - return res; - dec->stream.next_in = tmp; - dec->stream.avail_in = res; - } - dec->stream.next_out = dec->buf; dec->stream.avail_out = dec->buf_len; dec->pos = dec->buf; -- cgit v1.2.3