diff options
| -rw-r--r-- | doc/src/sgml/protocol.sgml | 21 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 15 |
2 files changed, 17 insertions, 19 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 70605dcb882..b6c07b1d053 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1527,10 +1527,10 @@ SELCT 1/0;<!-- this typo is intentional --> <para> The frontend should also be prepared to handle an ErrorMessage - response to SSLRequest from the server. This would only occur if - the server predates the addition of <acronym>SSL</acronym> support - to <productname>PostgreSQL</productname>. (Such servers are now very ancient, - and likely do not exist in the wild anymore.) + response to SSLRequest from the server. The frontend should not display + this error message to the user/application, since the server has not been + authenticated + (<ulink url="https://www.postgresql.org/support/security/CVE-2024-10977/">CVE-2024-10977</ulink>). In this case the connection must be closed, but the frontend might choose to open a fresh connection and proceed without requesting <acronym>SSL</acronym>. @@ -1604,12 +1604,13 @@ SELCT 1/0;<!-- this typo is intentional --> <para> The frontend should also be prepared to handle an ErrorMessage - response to GSSENCRequest from the server. This would only occur if - the server predates the addition of <acronym>GSSAPI</acronym> encryption - support to <productname>PostgreSQL</productname>. In this case the - connection must be closed, but the frontend might choose to open a fresh - connection and proceed without requesting <acronym>GSSAPI</acronym> - encryption. + response to GSSENCRequest from the server. The frontend should not display + this error message to the user/application, since the server has not been + authenticated + (<ulink url="https://www.postgresql.org/support/security/CVE-2024-10977/">CVE-2024-10977</ulink>). + In this case the connection must be closed, but the frontend might choose + to open a fresh connection and proceed without requesting + <acronym>GSSAPI</acronym> encryption. </para> <para> diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 543df7801a9..e799564f8df 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -3077,16 +3077,13 @@ keep_going: /* We will come back to here until there is { /* * Server failure of some sort, such as failure to - * fork a backend process. We need to process and - * report the error message, which might be formatted - * according to either protocol 2 or protocol 3. - * Rather than duplicate the code for that, we flip - * into AWAITING_RESPONSE state and let the code there - * deal with it. Note we have *not* consumed the "E" - * byte here. + * fork a backend process. Don't bother retrieving + * the error message; we should not trust it as the + * server has not been authenticated yet. */ - conn->status = CONNECTION_AWAITING_RESPONSE; - goto keep_going; + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("server sent an error response during SSL exchange\n")); + goto error_return; } else { |