NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit13c00ae

committed

Fix portability bugs in use of credentials control messages for peer auth.

Even though our existing code for handling credentials control messages hasbeen basically unchanged since 2001, it was fundamentally wrong: it did notensure proper alignment of the supplied buffer, and it was calculatingbuffer sizes and message sizes incorrectly. This led to failures onplatforms where alignment padding is relevant, for instance FreeBSD on64-bit platforms, as seen in a recent Debian bug report passed on byMartin Pitt (http://bugs.debian.org//cgi-bin/bugreport.cgi?bug=612888).Rewrite to do the message-whacking using the macros specified in RFC 2292,following a suggestion from Theo de Raadt in that thread. Tested by meon Debian/kFreeBSD-amd64; since OpenBSD and NetBSD document the identicalCMSG API, it should work there too.Back-patch to all supported branches.

1 parentb4b6923 commit13c00aeCopy full SHA for 13c00ae

File tree

2 files changed

+47

-35

lines changed

src
- backend/libpq
  - auth.c
- interfaces/libpq
  - fe-auth.c

2 files changed

+47

-35

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 35 additions & 25 deletions

Original file line number	Diff line number	Diff line change
`@@ -1788,7 +1788,7 @@ auth_peer(hbaPort *port)`
`1788`	`1788`	`charident_user[IDENT_USERNAME_MAX+1];`
`1789`	`1789`
`1790`	`1790`	`#if defined(HAVE_GETPEEREID)`
`1791`		`-/* OpenBSD style: */`
	`1791`	`+/* OpenBSD(also Mac OS X)style:use getpeereid() */`
`1792`	`1792`	`uid_tuid;`
`1793`	`1793`	`gid_tgid;`
`1794`	`1794`	`structpasswd*pass;`
`@@ -1843,7 +1843,7 @@ auth_peer(hbaPort *port)`
`1843`	`1843`
`1844`	`1844`	`strlcpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX+1);`
`1845`	`1845`	`#elif defined(HAVE_GETPEERUCRED)`
`1846`		`-/* Solaris > 10 */`
	`1846`	`+/* Solaris > 10: use getpeerucred() */`
`1847`	`1847`	`uid_tuid;`
`1848`	`1848`	`structpasswd*pass;`
`1849`	`1849`	`ucred_t*ucred;`
`@@ -1878,9 +1878,7 @@ auth_peer(hbaPort *port)`
`1878`	`1878`
`1879`	`1879`	`strlcpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX+1);`
`1880`	`1880`	`#elif defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| (defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))`
`1881`		`-structmsghdrmsg;`
`1882`		`-`
`1883`		`-/* Credentials structure */`
	`1881`	`+/* Assorted BSDen: use a credentials control message */`
`1884`	`1882`	`#if defined(HAVE_STRUCT_CMSGCRED)`
`1885`	`1883`	`typedefstructcmsgcredCred;`
`1886`	`1884`
`@@ -1894,43 +1892,55 @@ auth_peer(hbaPort *port)`
`1894`	`1892`
`1895`	`1893`	`#definecruid sc_uid`
`1896`	`1894`	`#endif`
`1897`		`-Cred*cred;`
`1898`		`-`
`1899`		`-/* Compute size without padding */`
`1900`		`-charcmsgmem[ALIGN(sizeof(structcmsghdr))+ALIGN(sizeof(Cred))];/* for NetBSD */`
`1901`		`-`
`1902`		`-/* Point to start of first structure */`
`1903`		`-structcmsghdrcmsg= (structcmsghdr)cmsgmem;`
`1904`	`1895`
	`1896`	`+structmsghdrmsg;`
	`1897`	`+structcmsghdr*cmsg;`
	`1898`	`+union`
	`1899`	`+{`
	`1900`	`+structcmsghdrhdr;`
	`1901`	`+unsignedcharbuf[CMSG_SPACE(sizeof(Cred))];`
	`1902`	`+}cmsgbuf;`
`1905`	`1903`	`structioveciov;`
`1906`	`1904`	`charbuf;`
	`1905`	`+Cred*cred;`
`1907`	`1906`	`structpasswd*pw;`
`1908`	`1907`
`1909`		`-memset(&msg,0,sizeof(msg));`
`1910`		`-msg.msg_iov=&iov;`
`1911`		`-msg.msg_iovlen=1;`
`1912`		`-msg.msg_control= (char*)cmsg;`
`1913`		`-msg.msg_controllen=sizeof(cmsgmem);`
`1914`		`-memset(cmsg,0,sizeof(cmsgmem));`
`1915`		`-`
`1916`	`1908`	`/*`
`1917`		`- * The one characterwhich is received here is not meaningful; its`
`1918`		`- *purposesis only to make sure that recvmsg() blocks long enough for the`
`1919`		`- *otherside to send its credentials.`
	`1909`	`+ * The one characterthat is received here is not meaningful; its purpose`
	`1910`	`+ * is only to make sure that recvmsg() blocks long enough for the other`
	`1911`	`+ * side to send its credentials.`
`1920`	`1912`	`*/`
`1921`	`1913`	`iov.iov_base=&buf;`
`1922`	`1914`	`iov.iov_len=1;`
`1923`	`1915`
`1924`		`-if (recvmsg(port->sock,&msg,0)<0\|\|`
`1925`		`-cmsg->cmsg_len<sizeof(cmsgmem)\|\|`
`1926`		`-cmsg->cmsg_type!=SCM_CREDS)`
	`1916`	`+memset(&msg,0,sizeof(msg));`
	`1917`	`+msg.msg_iov=&iov;`
	`1918`	`+msg.msg_iovlen=1;`
	`1919`	`+msg.msg_control=&cmsgbuf.buf;`
	`1920`	`+msg.msg_controllen=sizeof(cmsgbuf.buf);`
	`1921`	`+memset(&cmsgbuf,0,sizeof(cmsgbuf));`
	`1922`	`+`
	`1923`	`+if (recvmsg(port->sock,&msg,0)<0)`
`1927`	`1924`	`{`
`1928`	`1925`	`ereport(LOG,`
`1929`	`1926`	`(errcode_for_socket_access(),`
`1930`	`1927`	`errmsg("could not get peer credentials: %m")));`
`1931`	`1928`	`returnSTATUS_ERROR;`
`1932`	`1929`	`}`
`1933`	`1930`
	`1931`	`+cmsg=CMSG_FIRSTHDR(&msg);`
	`1932`	`+if (msg.msg_flags& (MSG_TRUNC \|MSG_CTRUNC)\|\|`
	`1933`	`+cmsg==NULL\|\|`
	`1934`	`+cmsg->cmsg_len<CMSG_LEN(sizeof(Cred))\|\|`
	`1935`	`+cmsg->cmsg_level!=SOL_SOCKET\|\|`
	`1936`	`+cmsg->cmsg_type!=SCM_CREDS)`
	`1937`	`+{`
	`1938`	`+ereport(LOG,`
	`1939`	`+(errcode(ERRCODE_PROTOCOL_VIOLATION),`
	`1940`	`+errmsg("could not get peer credentials: incorrect control message")));`
	`1941`	`+returnSTATUS_ERROR;`
	`1942`	`+}`
	`1943`	`+`
`1934`	`1944`	`cred= (Cred*)CMSG_DATA(cmsg);`
`1935`	`1945`
`1936`	`1946`	`pw=getpwuid(cred->cruid);`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 12 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -693,11 +693,12 @@ pg_local_sendauth(PGconn *conn)`
`693`	`693`	`structmsghdrmsg;`
`694`	`694`
`695`	`695`	`#ifdefHAVE_STRUCT_CMSGCRED`
`696`		`-/* Prevent padding */`
`697`		`-charcmsgmem[sizeof(structcmsghdr)+sizeof(structcmsgcred)];`
`698`		`-`
`699`		`-/* Point to start of first structure */`
`700`		`-structcmsghdrcmsg= (structcmsghdr)cmsgmem;`
	`696`	`+structcmsghdr*cmsg;`
	`697`	`+union`
	`698`	`+{`
	`699`	`+structcmsghdrhdr;`
	`700`	`+unsignedcharbuf[CMSG_SPACE(sizeof(structcmsgcred))];`
	`701`	`+}cmsgbuf;`
`701`	`702`	`#endif`
`702`	`703`
`703`	`704`	`/*`
`@@ -713,11 +714,12 @@ pg_local_sendauth(PGconn *conn)`
`713`	`714`	`msg.msg_iovlen=1;`
`714`	`715`
`715`	`716`	`#ifdefHAVE_STRUCT_CMSGCRED`
`716`		`-/* Create control header, FreeBSD */`
`717`		`-msg.msg_control=cmsg;`
`718`		`-msg.msg_controllen=sizeof(cmsgmem);`
`719`		`-memset(cmsg,0,sizeof(cmsgmem));`
`720`		`-cmsg->cmsg_len=sizeof(cmsgmem);`
	`717`	`+/* FreeBSD needs us to set up a message that will be filled in by kernel */`
	`718`	`+memset(&cmsgbuf,0,sizeof(cmsgbuf));`
	`719`	`+msg.msg_control=&cmsgbuf.buf;`
	`720`	`+msg.msg_controllen=sizeof(cmsgbuf.buf);`
	`721`	`+cmsg=CMSG_FIRSTHDR(&msg);`
	`722`	`+cmsg->cmsg_len=CMSG_LEN(sizeof(structcmsgcred));`
`721`	`723`	`cmsg->cmsg_level=SOL_SOCKET;`
`722`	`724`	`cmsg->cmsg_type=SCM_CREDS;`
`723`	`725`	`#endif`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit13c00ae

File tree

2 files changed

2 files changed

`‎src/backend/libpq/auth.c`

`‎src/interfaces/libpq/fe-auth.c`

0 commit comments