pgsql: libpq: reject extraneous data after SSL or GSS encryption handsh
| От | Tom Lane |
|---|---|
| Тема | pgsql: libpq: reject extraneous data after SSL or GSS encryption handsh |
| Дата | |
| Msg-id | E1mk7Iy-0000GZ-Kv@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
libpq: reject extraneous data after SSL or GSS encryption handshake. libpq collects up to a bufferload of data whenever it reads data from the socket. When SSL or GSS encryption is requested during startup, any additional data received with the server's yes-or-no reply remained in the buffer, and would be treated as already-decrypted data once the encryption handshake completed. Thus, a man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214. To fix, throw a protocol-violation error if the internal buffer is not empty after the encryption handshake. Our thanks to Jacob Champion for reporting this problem. Security: CVE-2021-23222 Branch ------ REL_11_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/a021a1d2aeba8ce3391f56a070f01db00468da27 Modified Files -------------- doc/src/sgml/protocol.sgml | 14 ++++++++++++++ src/interfaces/libpq/fe-connect.c | 13 +++++++++++++ 2 files changed, 27 insertions(+)
В списке pgsql-committers по дате отправления: