pgsql: Require PGP-decrypted text to pass encoding validation.

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Noah Misch <[email protected]>
To: [email protected]
Subject: pgsql: Require PGP-decrypted text to pass encoding validation.
Date: Mon, 09 Feb 2026 14:16:18 +0000
Message-ID: <[email protected]> (raw)

Require PGP-decrypted text to pass encoding validation.

pgp_sym_decrypt() and pgp_pub_decrypt() will raise such errors, while
bytea variants will not.  The existing "dat3" test decrypted to non-UTF8
text, so switch that query to bytea.

The long-term intent is for type "text" to always be valid in the
database encoding.  pgcrypto has long been known as a source of
exceptions to that intent, but a report about exploiting invalid values
of type "text" brought this module to the forefront.  This particular
exception is straightforward to fix, with reasonable effect on user
queries.  Back-patch to v14 (all supported versions).

Reported-by: Paul Gerste (as part of zeroday.cloud)
Reported-by: Moritz Sanft (as part of zeroday.cloud)
Author: shihao zhong <[email protected]>
Reviewed-by: cary huang <[email protected]>
Discussion: https://postgr.es/m/CAGRkXqRZyo0gLxPJqUsDqtWYBbgM14betsHiLRPj9mo2=z9VvA@mail.gmail.com
Backpatch-through: 14
Security: CVE-2026-2006

Branch
------
REL_16_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/0c33d560899f80f23bb393269e992fa104e8c79f

Modified Files
--------------
contrib/pgcrypto/expected/pgp-decrypt.out   | 23 ++++++++++++++++++++++-
contrib/pgcrypto/expected/pgp-decrypt_1.out | 23 ++++++++++++++++++++++-
contrib/pgcrypto/pgp-pgsql.c                |  2 ++
contrib/pgcrypto/sql/pgp-decrypt.sql        | 22 +++++++++++++++++++++-
4 files changed, 67 insertions(+), 3 deletions(-)

view thread (6+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: pgsql: Require PGP-decrypted text to pass encoding validation.
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox