From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 8 Nov 2021 11:01:43 -0500 Subject: Reject extraneous data after SSL or GSS encryption handshake. The server collects up to a bufferload of data whenever it reads data from the client socket. When SSL or GSS encryption is requested during startup, any additional data received with the initial request message remained in the buffer, and would be treated as already-decrypted data once the encryption handshake completed. Thus, a man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) To fix, throw a protocol-violation error if the internal buffer is not empty after the encryption handshake. Our thanks to Jacob Champion for reporting this problem. Security: CVE-2021-23214 --- src/backend/libpq/pqcomm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/backend/libpq/pqcomm.c') diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c index ee2cd86866d..93f2e0b81d3 100644 --- a/src/backend/libpq/pqcomm.c +++ b/src/backend/libpq/pqcomm.c @@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) } } +/* -------------------------------- + * pq_buffer_has_data - is any buffered data available to read? + * + * This will *not* attempt to read more data. + * -------------------------------- + */ +bool +pq_buffer_has_data(void) +{ + return (PqRecvPointer < PqRecvLength); +} + /* -------------------------------- * pq_startmsgread - begin reading a message from the client. -- cgit v1.2.3