91 lines
3.4 KiB
Diff
91 lines
3.4 KiB
Diff
From 9ae0f1112954989e955b4b29e4580216eccfcee4 Mon Sep 17 00:00:00 2001
|
|
From: Tom Lane <tgl@sss.pgh.pa.us>
|
|
Date: Mon, 8 Nov 2021 11:01:43 -0500
|
|
Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake.
|
|
|
|
The server collects up to a bufferload of data whenever it reads data
|
|
from the client socket. When SSL or GSS encryption is requested
|
|
during startup, any additional data received with the initial
|
|
request message remained in the buffer, and would be treated as
|
|
already-decrypted data once the encryption handshake completed.
|
|
Thus, a man-in-the-middle with the ability to inject data into the
|
|
TCP connection could stuff some cleartext data into the start of
|
|
a supposedly encryption-protected database session.
|
|
|
|
This could be abused to send faked SQL commands to the server,
|
|
although that would only work if the server did not demand any
|
|
authentication data. (However, a server relying on SSL certificate
|
|
authentication might well not do so.)
|
|
|
|
To fix, throw a protocol-violation error if the internal buffer
|
|
is not empty after the encryption handshake.
|
|
|
|
Our thanks to Jacob Champion for reporting this problem.
|
|
|
|
Security: CVE-2021-23214
|
|
---
|
|
src/backend/libpq/pqcomm.c | 12 ++++++++++++
|
|
src/backend/postmaster/postmaster.c | 13 +++++++++++++
|
|
src/include/libpq/libpq.h | 1 +
|
|
3 files changed, 26 insertions(+)
|
|
|
|
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
|
|
index 4452ea4228cb..31bedac24912 100644
|
|
--- a/src/backend/libpq/pqcomm.c
|
|
+++ b/src/backend/libpq/pqcomm.c
|
|
@@ -1199,6 +1199,18 @@ pq_getstring(StringInfo s)
|
|
}
|
|
}
|
|
|
|
+/* --------------------------------
|
|
+ * pq_buffer_has_data - is any buffered data available to read?
|
|
+ *
|
|
+ * This will *not* attempt to read more data.
|
|
+ * --------------------------------
|
|
+ */
|
|
+bool
|
|
+pq_buffer_has_data(void)
|
|
+{
|
|
+ return (PqRecvPointer < PqRecvLength);
|
|
+}
|
|
+
|
|
|
|
/* --------------------------------
|
|
* pq_startmsgread - begin reading a message from the client.
|
|
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
|
|
index 586d6a7d3b96..661b2d037f2a 100644
|
|
--- a/src/backend/postmaster/postmaster.c
|
|
+++ b/src/backend/postmaster/postmaster.c
|
|
@@ -2061,6 +2061,19 @@ ProcessStartupPacket(Port *port, bool SSLdone)
|
|
if (SSLok == 'S' && secure_open_server(port) == -1)
|
|
return STATUS_ERROR;
|
|
#endif
|
|
+
|
|
+ /*
|
|
+ * At this point we should have no data already buffered. If we do,
|
|
+ * it was received before we performed the SSL handshake, so it wasn't
|
|
+ * encrypted and indeed may have been injected by a man-in-the-middle.
|
|
+ * We report this case to the client.
|
|
+ */
|
|
+ if (pq_buffer_has_data())
|
|
+ ereport(FATAL,
|
|
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
+ errmsg("received unencrypted data after SSL request"),
|
|
+ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
|
|
+
|
|
/* regular startup packet, cancel, etc packet should follow... */
|
|
/* but not another SSL negotiation request */
|
|
return ProcessStartupPacket(port, true);
|
|
diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
|
|
index fd2dd5853ccf..d3cf746de39f 100644
|
|
--- a/src/include/libpq/libpq.h
|
|
+++ b/src/include/libpq/libpq.h
|
|
@@ -70,6 +70,7 @@ extern int pq_getmessage(StringInfo s, int maxlen);
|
|
extern int pq_getbyte(void);
|
|
extern int pq_peekbyte(void);
|
|
extern int pq_getbyte_if_available(unsigned char *c);
|
|
+extern bool pq_buffer_has_data(void);
|
|
extern int pq_putbytes(const char *s, size_t len);
|
|
|
|
/*
|