109 lines
4.2 KiB
Diff
109 lines
4.2 KiB
Diff
From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001
|
|
From: Tom Lane <tgl@sss.pgh.pa.us>
|
|
Date: Mon, 8 Nov 2021 11:01:43 -0500
|
|
Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake.
|
|
|
|
The server collects up to a bufferload of data whenever it reads data
|
|
from the client socket. When SSL or GSS encryption is requested
|
|
during startup, any additional data received with the initial
|
|
request message remained in the buffer, and would be treated as
|
|
already-decrypted data once the encryption handshake completed.
|
|
Thus, a man-in-the-middle with the ability to inject data into the
|
|
TCP connection could stuff some cleartext data into the start of
|
|
a supposedly encryption-protected database session.
|
|
|
|
This could be abused to send faked SQL commands to the server,
|
|
although that would only work if the server did not demand any
|
|
authentication data. (However, a server relying on SSL certificate
|
|
authentication might well not do so.)
|
|
|
|
To fix, throw a protocol-violation error if the internal buffer
|
|
is not empty after the encryption handshake.
|
|
|
|
Our thanks to Jacob Champion for reporting this problem.
|
|
|
|
Security: CVE-2021-23214
|
|
---
|
|
src/backend/libpq/pqcomm.c | 12 ++++++++++++
|
|
src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++
|
|
src/include/libpq/libpq.h | 1 +
|
|
3 files changed, 37 insertions(+)
|
|
|
|
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
|
|
index ee2cd86866da..93f2e0b81d32 100644
|
|
--- a/src/backend/libpq/pqcomm.c
|
|
+++ b/src/backend/libpq/pqcomm.c
|
|
@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s)
|
|
}
|
|
}
|
|
|
|
+/* --------------------------------
|
|
+ * pq_buffer_has_data - is any buffered data available to read?
|
|
+ *
|
|
+ * This will *not* attempt to read more data.
|
|
+ * --------------------------------
|
|
+ */
|
|
+bool
|
|
+pq_buffer_has_data(void)
|
|
+{
|
|
+ return (PqRecvPointer < PqRecvLength);
|
|
+}
|
|
+
|
|
|
|
/* --------------------------------
|
|
* pq_startmsgread - begin reading a message from the client.
|
|
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
|
|
index 5775fc0c0910..1e0936e5b482 100644
|
|
--- a/src/backend/postmaster/postmaster.c
|
|
+++ b/src/backend/postmaster/postmaster.c
|
|
@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
|
|
return STATUS_ERROR;
|
|
#endif
|
|
|
|
+ /*
|
|
+ * At this point we should have no data already buffered. If we do,
|
|
+ * it was received before we performed the SSL handshake, so it wasn't
|
|
+ * encrypted and indeed may have been injected by a man-in-the-middle.
|
|
+ * We report this case to the client.
|
|
+ */
|
|
+ if (pq_buffer_has_data())
|
|
+ ereport(FATAL,
|
|
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
+ errmsg("received unencrypted data after SSL request"),
|
|
+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
|
|
+
|
|
/*
|
|
* regular startup packet, cancel, etc packet should follow, but not
|
|
* another SSL negotiation request, and a GSS request should only
|
|
@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
|
|
return STATUS_ERROR;
|
|
#endif
|
|
|
|
+ /*
|
|
+ * At this point we should have no data already buffered. If we do,
|
|
+ * it was received before we performed the GSS handshake, so it wasn't
|
|
+ * encrypted and indeed may have been injected by a man-in-the-middle.
|
|
+ * We report this case to the client.
|
|
+ */
|
|
+ if (pq_buffer_has_data())
|
|
+ ereport(FATAL,
|
|
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
+ errmsg("received unencrypted data after GSSAPI encryption request"),
|
|
+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
|
|
+
|
|
/*
|
|
* regular startup packet, cancel, etc packet should follow, but not
|
|
* another GSS negotiation request, and an SSL request should only
|
|
diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
|
|
index b1152475ace5..54c5fa779773 100644
|
|
--- a/src/include/libpq/libpq.h
|
|
+++ b/src/include/libpq/libpq.h
|
|
@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen);
|
|
extern int pq_getbyte(void);
|
|
extern int pq_peekbyte(void);
|
|
extern int pq_getbyte_if_available(unsigned char *c);
|
|
+extern bool pq_buffer_has_data(void);
|
|
extern int pq_putbytes(const char *s, size_t len);
|
|
|
|
/*
|