Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd83cdfd

Browse files
committed
libpq: reject extraneous data after SSL or GSS encryption handshake.
libpq collects up to a bufferload of data whenever it reads data fromthe socket. When SSL or GSS encryption is requested during startup,any additional data received with the server's yes-or-no replyremained in the buffer, and would be treated as already-decrypted dataonce the encryption handshake completed. Thus, a man-in-the-middlewith the ability to inject data into the TCP connection could stuffsome cleartext data into the start of a supposedly encryption-protecteddatabase session.This could probably be abused to inject faked responses to theclient's first few queries, although other details of libpq's behaviormake that harder than it sounds. A different line of attack is toexfiltrate the client's password, or other sensitive data that mightbe sent early in the session. That has been shown to be possible witha server vulnerable toCVE-2021-23214.To fix, throw a protocol-violation error if the internal bufferis not empty after the encryption handshake.Our thanks to Jacob Champion for reporting this problem.Security:CVE-2021-23222
1 parent046c2c8 commitd83cdfd

File tree

2 files changed

+27
-0
lines changed

2 files changed

+27
-0
lines changed

‎doc/src/sgml/protocol.sgml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1307,6 +1307,20 @@
13071307
and proceed without requesting <acronym>SSL</acronym>.
13081308
</para>
13091309

1310+
<para>
1311+
When <acronym>SSL</acronym> encryption can be performed, the server
1312+
is expected to send only the single <literal>S</literal> byte and then
1313+
wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
1314+
If additional bytes are available to read at this point, it likely
1315+
means that a man-in-the-middle is attempting to perform a
1316+
buffer-stuffing attack
1317+
(<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
1318+
Frontends should be coded either to read exactly one byte from the
1319+
socket before turning the socket over to their SSL library, or to
1320+
treat it as a protocol violation if they find they have read additional
1321+
bytes.
1322+
</para>
1323+
13101324
<para>
13111325
An initial SSLRequest can also be used in a connection that is being
13121326
opened to send a CancelRequest message.

‎src/interfaces/libpq/fe-connect.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2371,6 +2371,19 @@ PQconnectPoll(PGconn *conn)
23712371
pollres=pqsecure_open_client(conn);
23722372
if (pollres==PGRES_POLLING_OK)
23732373
{
2374+
/*
2375+
* At this point we should have no data already buffered.
2376+
* If we do, it was received before we performed the SSL
2377+
* handshake, so it wasn't encrypted and indeed may have
2378+
* been injected by a man-in-the-middle.
2379+
*/
2380+
if (conn->inCursor!=conn->inEnd)
2381+
{
2382+
appendPQExpBufferStr(&conn->errorMessage,
2383+
libpq_gettext("received unencrypted data after SSL response\n"));
2384+
gotoerror_return;
2385+
}
2386+
23742387
/* SSL handshake done, ready to send startup packet */
23752388
conn->status=CONNECTION_MADE;
23762389
returnPGRES_POLLING_WRITING;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp