diff options
| -rw-r--r-- | doc/src/sgml/protocol.sgml | 28 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 26 |
2 files changed, 54 insertions, 0 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index ec8565298d6..57e5333e388 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1472,6 +1472,20 @@ SELCT 1/0;<!-- this typo is intentional --> </para> <para> + When <acronym>SSL</acronym> encryption can be performed, the server + is expected to send only the single <literal>S</literal> byte and then + wait for the frontend to initiate an <acronym>SSL</acronym> handshake. + If additional bytes are available to read at this point, it likely + means that a man-in-the-middle is attempting to perform a + buffer-stuffing attack + (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>). + Frontends should be coded either to read exactly one byte from the + socket before turning the socket over to their SSL library, or to + treat it as a protocol violation if they find they have read additional + bytes. + </para> + + <para> An initial SSLRequest can also be used in a connection that is being opened to send a CancelRequest message. </para> @@ -1533,6 +1547,20 @@ SELCT 1/0;<!-- this typo is intentional --> </para> <para> + When <acronym>GSSAPI</acronym> encryption can be performed, the server + is expected to send only the single <literal>G</literal> byte and then + wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake. + If additional bytes are available to read at this point, it likely + means that a man-in-the-middle is attempting to perform a + buffer-stuffing attack + (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>). + Frontends should be coded either to read exactly one byte from the + socket before turning the socket over to their GSSAPI library, or to + treat it as a protocol violation if they find they have read additional + bytes. + </para> + + <para> An initial GSSENCRequest can also be used in a connection that is being opened to send a CancelRequest message. </para> diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index dfa50ede152..5e505e19bd0 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -2986,6 +2986,19 @@ keep_going: /* We will come back to here until there is pollres = pqsecure_open_client(conn); if (pollres == PGRES_POLLING_OK) { + /* + * At this point we should have no data already buffered. + * If we do, it was received before we performed the SSL + * handshake, so it wasn't encrypted and indeed may have + * been injected by a man-in-the-middle. + */ + if (conn->inCursor != conn->inEnd) + { + appendPQExpBufferStr(&conn->errorMessage, + libpq_gettext("received unencrypted data after SSL response\n")); + goto error_return; + } + /* SSL handshake done, ready to send startup packet */ conn->status = CONNECTION_MADE; return PGRES_POLLING_WRITING; @@ -3085,6 +3098,19 @@ keep_going: /* We will come back to here until there is pollres = pqsecure_open_gss(conn); if (pollres == PGRES_POLLING_OK) { + /* + * At this point we should have no data already buffered. + * If we do, it was received before we performed the GSS + * handshake, so it wasn't encrypted and indeed may have + * been injected by a man-in-the-middle. + */ + if (conn->inCursor != conn->inEnd) + { + appendPQExpBufferStr(&conn->errorMessage, + libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); + goto error_return; + } + /* All set for startup packet */ conn->status = CONNECTION_MADE; return PGRES_POLLING_WRITING; |