At Thu, 11 Jun 2020 22:17:26 +0900, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote in
> >
> > The reproducer becomes not to fail with the attached patch.
>
>
> I put an assertion in the patch, but that is not appropriare. It shoud be
> an ereport instead. I’ll fix that later.
Fixed.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
From 1f5003c164cf529a79d1f56e4c43d5867c3a345e Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horikyoga.ntt@gmail.com>
Date: Thu, 11 Jun 2020 20:29:23 +0900
Subject: [PATCH v2] Make sure to consume stream-terminating packet
When a compressed stream ends with a full packet, it must be
terminated by a normal empty packet. Make sure to consume such
packets.
---
contrib/pgcrypto/pgp-compress.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/contrib/pgcrypto/pgp-compress.c b/contrib/pgcrypto/pgp-compress.c
index 0505bdee92..296afb3324 100644
--- a/contrib/pgcrypto/pgp-compress.c
+++ b/contrib/pgcrypto/pgp-compress.c
@@ -286,7 +286,29 @@ restart:
dec->buf_data = dec->buf_len - dec->stream.avail_out;
if (res == Z_STREAM_END)
+ {
+ uint8 *tmp;
+
+ /*
+ * A stream must be terminated by a normal packet. If the last stream
+ * packet in the source stream is a full packet, a normal empty packet
+ * must follow. Since the underlying packet reader doesn't know that
+ * the compressed stream has been ended, we need to to consume the
+ * terminating packet here. This read doesn't harm even if the stream
+ * has already ended.
+ */
+ res = pullf_read(src, 1, &tmp);
+
+ if (res < 0)
+ return res;
+ else if (res > 0)
+ {
+ px_debug("decompress_read: extra bytes after end of stream");
+ return PXE_PGP_CORRUPT_DATA;
+ }
+
dec->eof = 1;
+ }
goto restart;
}
--
2.18.2
