| From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
|---|---|
| To: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | pg_cryptohash_final possible out-of-bounds access (per Coverity) |
| Date: | 2021-02-10 01:01:45 |
| Message-ID: | CAEudQAoqEGmcff3J4sTSV-R_16Monuz-UpJFbf_dnVH=APr02Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Hackers,
Per Coverity.
Coverity complaints about pg_cryptohash_final function.
And I agree with Coverity, it's a bad design.
Its allows this:
#define MY_RESULT_LENGTH 32
function pgtest(char * buffer, char * text) {
pg_cryptohash_ctx *ctx;
uint8 digest[MY_RESULT_LENGTH];
ctx = pg_cryptohash_create(PG_SHA512);
pg_cryptohash_init(ctx);
pg_cryptohash_update(ctx, (uint8 *) buffer, text);
pg_cryptohash_final(ctx, digest); // <-- CID 1446240 (#1 of 1):
Out-of-bounds access (OVERRUN)
pg_cryptohash_free(ctx);
return
}
Attached has a patch with suggestions to make things better.
regards,
Ranier Vilela
| Attachment | Content-Type | Size |
|---|---|---|
| pg_cryptohash.patch | application/octet-stream | 20.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Euler Taveira | 2021-02-10 01:10:32 | Re: Clean up code |
| Previous Message | Peter Smith | 2021-02-10 00:51:57 | Re: Single transaction in the tablesync worker? |