PG-1373 Do not use strcpy() for binary KMIP keys

jeltz · jeltz · commit 4d5fc5bce511 · 2025-02-24T19:16:01.000+01:00
This code is not only a potential security issue also a correctness
issue for pincipal keys which contain NUL bytes. So instead we first
check that the lenght is exactly correct before copying.
diff --git a/contrib/pg_tde/src/keyring/keyring_kmip.c b/contrib/pg_tde/src/keyring/keyring_kmip.c
@@ -240,7 +240,6 @@ get_key_by_name(GenericKeyring *keyring, const char *key_name, bool throw_error,
 	key = palloc(sizeof(keyInfo));
 
 	{
-
 		char	   *keyp = NULL;
 		int			result = kmip_bio_get_symmetric_key(ctx.bio, id, strlen(id), &keyp, (int *) &key->data.len);
 
@@ -254,7 +253,17 @@ get_key_by_name(GenericKeyring *keyring, const char *key_name, bool throw_error,
 			return NULL;
 		}
 
-		strncpy((char *) key->data.data, keyp, MAX_KEY_DATA_SIZE);
+		if (key->data.len > sizeof(key->data.data))
+		{
+			kmip_ereport(throw_error, "Unexpected KMIP key length %d", key->data.len);
+			pfree(key);
+			BIO_free_all(ctx.bio);
+			SSL_CTX_free(ctx.ssl);
+			free(keyp);
+			return NULL;
+		}
+
+		memcpy(key->data.data, keyp, key->data.len);
 		free(keyp);
 	}
 
