diff options
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/libpq/pqcomm.c | 12 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 26 |
2 files changed, 38 insertions, 0 deletions
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c index 0015fb754e8..d7f425de88c 100644 --- a/src/backend/libpq/pqcomm.c +++ b/src/backend/libpq/pqcomm.c @@ -1197,6 +1197,18 @@ pq_getstring(StringInfo s) } } +/* -------------------------------- + * pq_buffer_has_data - is any buffered data available to read? + * + * This will *not* attempt to read more data. + * -------------------------------- + */ +bool +pq_buffer_has_data(void) +{ + return (PqRecvPointer < PqRecvLength); +} + /* -------------------------------- * pq_startmsgread - begin reading a message from the client. diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 643ddfbcaef..2b26766f021 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -2034,6 +2034,19 @@ retry1: if (SSLok == 'S' && secure_open_server(port) == -1) return STATUS_ERROR; #endif + + /* + * At this point we should have no data already buffered. If we do, + * it was received before we performed the SSL handshake, so it wasn't + * encrypted and indeed may have been injected by a man-in-the-middle. + * We report this case to the client. + */ + if (pq_buffer_has_data()) + ereport(FATAL, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("received unencrypted data after SSL request"), + errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + /* * regular startup packet, cancel, etc packet should follow, but not * another SSL negotiation request, and a GSS request should only @@ -2065,6 +2078,19 @@ retry1: if (GSSok == 'G' && secure_open_gssapi(port) == -1) return STATUS_ERROR; #endif + + /* + * At this point we should have no data already buffered. If we do, + * it was received before we performed the GSS handshake, so it wasn't + * encrypted and indeed may have been injected by a man-in-the-middle. + * We report this case to the client. + */ + if (pq_buffer_has_data()) + ereport(FATAL, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("received unencrypted data after GSSAPI encryption request"), + errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + /* * regular startup packet, cancel, etc packet should follow, but not * another GSS negotiation request, and an SSL request should only |