projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d4298e) | patch
libpq: Bail out during SSL/GSS negotiation errors
authorMichael Paquier <[email protected]>
Mon, 11 Nov 2024 01:19:52 +0000 (10:19 +0900)
committerMichael Paquier <[email protected]>
Mon, 11 Nov 2024 01:19:52 +0000 (10:19 +0900)
commitbf8835ea9717df50230c12133cff1b486dcc57be
treee984f04988bae0824f1964209d19275e031b2e74tree
parent5d4298e75f252b162008ad0475f29349023573cbcommit | diff
libpq: Bail out during SSL/GSS negotiation errors

This commit changes libpq so that errors reported by the backend during
the protocol negotiation for SSL and GSS are discarded by the client, as
these may include bytes that could be consumed by the client and write
arbitrary bytes to a client's terminal.

A failure with the SSL negotiation now leads to an error immediately
reported, without a retry on any other methods allowed, like a fallback
to a plaintext connection.

A failure with GSS discards the error message received, and we allow a
fallback as it may be possible that the error is caused by a connection
attempt with a pre-11 server, GSS encryption having been introduced in
v12.  This was a problem only with v17 and newer versions; older
versions discard the error message already in this case, assuming a
failure caused by a lack of support for GSS encryption.

Author: Jacob Champion
Reviewed-by: Peter Eisentraut, Heikki Linnakangas, Michael Paquier
Security: CVE-2024-10977
Backpatch-through: 12
doc/src/sgml/protocol.sgml diff | blob | blame | history
src/interfaces/libpq/fe-connect.c diff | blob | blame | history
src/interfaces/libpq/t/005_negotiate_encryption.pl diff | blob | blame | history
This is the main PostgreSQL git repository.