pgcrypto: Fix check for buffer size

The code copying the PGP block into the temp buffer failed to
account for the extra 2 bytes in the buffer which are needed
for the prefix. If the block was oversized, subsequent checks
of the prefix would have exceeded the buffer size.  Since the
block sizes are hardcoded in the list of supported ciphers it
can be verified that there is no live bug here. Backpatch all
the way for consistency though, as this bug is old.

Author: Mikhail Gribkov <[email protected]>
Discussion: https://postgr.es/m/CAMEv5_uWvcMCMdRFDsJLz2Q8g16HEa9xWyfrkr+FYMMFJhawOw@mail.gmail.com
Backpatch-through: v12

diff --git a/contrib/pgcrypto/pgp-decrypt.c b/contrib/pgcrypto/pgp-decrypt.c
index 3ecbf9c0c259659dd523331edd3cf31d5ae0d5ad..f74c2f760bb33a0fb60e80ad1d8ed83bbe436813 100644 (file)
--- a/contrib/pgcrypto/pgp-decrypt.c
+++ b/contrib/pgcrypto/pgp-decrypt.c
@@ -250,7 +250,8 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
    uint8       tmpbuf[PGP_MAX_BLOCK + 2];
 
    len = pgp_get_cipher_block_size(ctx->cipher_algo);
-   if (len > sizeof(tmpbuf))
+   /* Make sure we have space for prefix */
+   if (len > PGP_MAX_BLOCK)
        return PXE_BUG;
 
    res = pullf_read_max(src, len + 2, &buf, tmpbuf);