diff options
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/libpq/pqcomm.c | 12 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 24 |
2 files changed, 36 insertions, 0 deletions
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c index ee2cd86866d..93f2e0b81d3 100644 --- a/src/backend/libpq/pqcomm.c +++ b/src/backend/libpq/pqcomm.c @@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) } } +/* -------------------------------- + * pq_buffer_has_data - is any buffered data available to read? + * + * This will *not* attempt to read more data. + * -------------------------------- + */ +bool +pq_buffer_has_data(void) +{ + return (PqRecvPointer < PqRecvLength); +} + /* -------------------------------- * pq_startmsgread - begin reading a message from the client. diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 5775fc0c091..1e0936e5b48 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -2050,6 +2050,18 @@ retry1: #endif /* + * At this point we should have no data already buffered. If we do, + * it was received before we performed the SSL handshake, so it wasn't + * encrypted and indeed may have been injected by a man-in-the-middle. + * We report this case to the client. + */ + if (pq_buffer_has_data()) + ereport(FATAL, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("received unencrypted data after SSL request"), + errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + + /* * regular startup packet, cancel, etc packet should follow, but not * another SSL negotiation request, and a GSS request should only * follow if SSL was rejected (client may negotiate in either order) @@ -2082,6 +2094,18 @@ retry1: #endif /* + * At this point we should have no data already buffered. If we do, + * it was received before we performed the GSS handshake, so it wasn't + * encrypted and indeed may have been injected by a man-in-the-middle. + * We report this case to the client. + */ + if (pq_buffer_has_data()) + ereport(FATAL, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("received unencrypted data after GSSAPI encryption request"), + errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); + + /* * regular startup packet, cancel, etc packet should follow, but not * another GSS negotiation request, and an SSL request should only * follow if GSS was rejected (client may negotiate in either order) |