NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commite73bd1e

committed

Fix portability bugs in use of credentials control messages for peer auth.

Even though our existing code for handling credentials control messages hasbeen basically unchanged since 2001, it was fundamentally wrong: it did notensure proper alignment of the supplied buffer, and it was calculatingbuffer sizes and message sizes incorrectly. This led to failures onplatforms where alignment padding is relevant, for instance FreeBSD on64-bit platforms, as seen in a recent Debian bug report passed on byMartin Pitt (http://bugs.debian.org//cgi-bin/bugreport.cgi?bug=612888).Rewrite to do the message-whacking using the macros specified in RFC 2292,following a suggestion from Theo de Raadt in that thread. Tested by meon Debian/kFreeBSD-amd64; since OpenBSD and NetBSD document the identicalCMSG API, it should work there too.Back-patch to all supported branches.

1 parent73bd34c commite73bd1eCopy full SHA for e73bd1e

File tree

2 files changed

+47

-35

lines changed

src
- backend/libpq
  - auth.c
- interfaces/libpq
  - fe-auth.c

2 files changed

+47

-35

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 35 additions & 25 deletions

Original file line number	Diff line number	Diff line change
`@@ -1758,7 +1758,7 @@ static bool`
`1758`	`1758`	`ident_unix(intsock,char*ident_user)`
`1759`	`1759`	`{`
`1760`	`1760`	`#if defined(HAVE_GETPEEREID)`
`1761`		`-/* OpenBSD style: */`
	`1761`	`+/* OpenBSD(also Mac OS X)style:use getpeereid() */`
`1762`	`1762`	`uid_tuid;`
`1763`	`1763`	`gid_tgid;`
`1764`	`1764`	`structpasswd*pass;`
`@@ -1817,7 +1817,7 @@ ident_unix(int sock, char *ident_user)`
`1817`	`1817`
`1818`	`1818`	`return true;`
`1819`	`1819`	`#elif defined(HAVE_GETPEERUCRED)`
`1820`		`-/* Solaris > 10 */`
	`1820`	`+/* Solaris > 10: use getpeerucred() */`
`1821`	`1821`	`uid_tuid;`
`1822`	`1822`	`structpasswd*pass;`
`1823`	`1823`	`ucred_t*ucred;`
`@@ -1854,9 +1854,7 @@ ident_unix(int sock, char *ident_user)`
`1854`	`1854`
`1855`	`1855`	`return true;`
`1856`	`1856`	`#elif defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| (defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))`
`1857`		`-structmsghdrmsg;`
`1858`		`-`
`1859`		`-/* Credentials structure */`
	`1857`	`+/* Assorted BSDen: use a credentials control message */`
`1860`	`1858`	`#if defined(HAVE_STRUCT_CMSGCRED)`
`1861`	`1859`	`typedefstructcmsgcredCred;`
`1862`	`1860`
`@@ -1870,43 +1868,55 @@ ident_unix(int sock, char *ident_user)`
`1870`	`1868`
`1871`	`1869`	`#definecruid sc_uid`
`1872`	`1870`	`#endif`
`1873`		`-Cred*cred;`
`1874`		`-`
`1875`		`-/* Compute size without padding */`
`1876`		`-charcmsgmem[ALIGN(sizeof(structcmsghdr))+ALIGN(sizeof(Cred))];/* for NetBSD */`
`1877`		`-`
`1878`		`-/* Point to start of first structure */`
`1879`		`-structcmsghdrcmsg= (structcmsghdr)cmsgmem;`
`1880`	`1871`
	`1872`	`+structmsghdrmsg;`
	`1873`	`+structcmsghdr*cmsg;`
	`1874`	`+union`
	`1875`	`+{`
	`1876`	`+structcmsghdrhdr;`
	`1877`	`+unsignedcharbuf[CMSG_SPACE(sizeof(Cred))];`
	`1878`	`+}cmsgbuf;`
`1881`	`1879`	`structioveciov;`
`1882`	`1880`	`charbuf;`
	`1881`	`+Cred*cred;`
`1883`	`1882`	`structpasswd*pw;`
`1884`	`1883`
`1885`		`-memset(&msg,0,sizeof(msg));`
`1886`		`-msg.msg_iov=&iov;`
`1887`		`-msg.msg_iovlen=1;`
`1888`		`-msg.msg_control= (char*)cmsg;`
`1889`		`-msg.msg_controllen=sizeof(cmsgmem);`
`1890`		`-memset(cmsg,0,sizeof(cmsgmem));`
`1891`		`-`
`1892`	`1884`	`/*`
`1893`		`- * The one characterwhich is received here is not meaningful; its`
`1894`		`- *purposesis only to make sure that recvmsg() blocks long enough for the`
`1895`		`- *otherside to send its credentials.`
	`1885`	`+ * The one characterthat is received here is not meaningful; its purpose`
	`1886`	`+ * is only to make sure that recvmsg() blocks long enough for the other`
	`1887`	`+ * side to send its credentials.`
`1896`	`1888`	`*/`
`1897`	`1889`	`iov.iov_base=&buf;`
`1898`	`1890`	`iov.iov_len=1;`
`1899`	`1891`
`1900`		`-if (recvmsg(sock,&msg,0)<0\|\|`
`1901`		`-cmsg->cmsg_len<sizeof(cmsgmem)\|\|`
`1902`		`-cmsg->cmsg_type!=SCM_CREDS)`
	`1892`	`+memset(&msg,0,sizeof(msg));`
	`1893`	`+msg.msg_iov=&iov;`
	`1894`	`+msg.msg_iovlen=1;`
	`1895`	`+msg.msg_control=&cmsgbuf.buf;`
	`1896`	`+msg.msg_controllen=sizeof(cmsgbuf.buf);`
	`1897`	`+memset(&cmsgbuf,0,sizeof(cmsgbuf));`
	`1898`	`+`
	`1899`	`+if (recvmsg(sock,&msg,0)<0)`
`1903`	`1900`	`{`
`1904`	`1901`	`ereport(LOG,`
`1905`	`1902`	`(errcode_for_socket_access(),`
`1906`	`1903`	`errmsg("could not get peer credentials: %m")));`
`1907`	`1904`	`return false;`
`1908`	`1905`	`}`
`1909`	`1906`
	`1907`	`+cmsg=CMSG_FIRSTHDR(&msg);`
	`1908`	`+if (msg.msg_flags& (MSG_TRUNC \|MSG_CTRUNC)\|\|`
	`1909`	`+cmsg==NULL\|\|`
	`1910`	`+cmsg->cmsg_len<CMSG_LEN(sizeof(Cred))\|\|`
	`1911`	`+cmsg->cmsg_level!=SOL_SOCKET\|\|`
	`1912`	`+cmsg->cmsg_type!=SCM_CREDS)`
	`1913`	`+{`
	`1914`	`+ereport(LOG,`
	`1915`	`+(errcode(ERRCODE_PROTOCOL_VIOLATION),`
	`1916`	`+errmsg("could not get peer credentials: incorrect control message")));`
	`1917`	`+return false;`
	`1918`	`+}`
	`1919`	`+`
`1910`	`1920`	`cred= (Cred*)CMSG_DATA(cmsg);`
`1911`	`1921`
`1912`	`1922`	`pw=getpwuid(cred->cruid);`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 12 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -694,11 +694,12 @@ pg_local_sendauth(PGconn *conn)`
`694`	`694`	`structmsghdrmsg;`
`695`	`695`
`696`	`696`	`#ifdefHAVE_STRUCT_CMSGCRED`
`697`		`-/* Prevent padding */`
`698`		`-charcmsgmem[sizeof(structcmsghdr)+sizeof(structcmsgcred)];`
`699`		`-`
`700`		`-/* Point to start of first structure */`
`701`		`-structcmsghdrcmsg= (structcmsghdr)cmsgmem;`
	`697`	`+structcmsghdr*cmsg;`
	`698`	`+union`
	`699`	`+{`
	`700`	`+structcmsghdrhdr;`
	`701`	`+unsignedcharbuf[CMSG_SPACE(sizeof(structcmsgcred))];`
	`702`	`+}cmsgbuf;`
`702`	`703`	`#endif`
`703`	`704`
`704`	`705`	`/*`
`@@ -714,11 +715,12 @@ pg_local_sendauth(PGconn *conn)`
`714`	`715`	`msg.msg_iovlen=1;`
`715`	`716`
`716`	`717`	`#ifdefHAVE_STRUCT_CMSGCRED`
`717`		`-/* Create control header, FreeBSD */`
`718`		`-msg.msg_control=cmsg;`
`719`		`-msg.msg_controllen=sizeof(cmsgmem);`
`720`		`-memset(cmsg,0,sizeof(cmsgmem));`
`721`		`-cmsg->cmsg_len=sizeof(cmsgmem);`
	`718`	`+/* FreeBSD needs us to set up a message that will be filled in by kernel */`
	`719`	`+memset(&cmsgbuf,0,sizeof(cmsgbuf));`
	`720`	`+msg.msg_control=&cmsgbuf.buf;`
	`721`	`+msg.msg_controllen=sizeof(cmsgbuf.buf);`
	`722`	`+cmsg=CMSG_FIRSTHDR(&msg);`
	`723`	`+cmsg->cmsg_len=CMSG_LEN(sizeof(structcmsgcred));`
`722`	`724`	`cmsg->cmsg_level=SOL_SOCKET;`
`723`	`725`	`cmsg->cmsg_type=SCM_CREDS;`
`724`	`726`	`#endif`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite73bd1e

File tree

2 files changed

2 files changed

`‎src/backend/libpq/auth.c`

`‎src/interfaces/libpq/fe-auth.c`

0 commit comments