postgresql/src/backend/libpq
Michael Paquier 90adc16ea1 Fix buffer overflow when parsing SCRAM verifiers in backend
Any authenticated user can overflow a stack-based buffer by changing the
user's own password to a purpose-crafted value.  This often suffices to
execute arbitrary code as the PostgreSQL operating system account.

This fix is contributed by multiple folks, based on an initial analysis
from Tom Lane.  This issue has been introduced by 68e61ee, so it was
possible to make use of it at authentication time.  It became easier
to trigger after ccae190, which has made the SCRAM parsing more
strict when changing a password, in the case where the client passes
down a verifier already hashed using SCRAM.  Back-patch to v10 where
SCRAM has been introduced.

Reported-by: Alexander Lakhin
Author: Jonathan Katz, Heikki Linnakangas, Michael Paquier
Security: CVE-2019-10164
Backpatch-through: 10
2019-06-17 21:48:34 +09:00
auth-scram.c Fix buffer overflow when parsing SCRAM verifiers in backend 2019-06-17 21:48:34 +09:00
auth.c Don't set PAM_RHOST for Unix sockets. 2018-11-28 14:15:00 +13:00
be-fsstubs.c Fix saving and restoring umask 2017-09-23 10:03:05 -04:00
be-secure-openssl.c Final pgindent + perltidy run for v10. 2017-08-14 17:29:33 -04:00
be-secure.c Server-side fix for delayed NOTIFY and SIGTERM processing. 2018-10-19 21:39:21 -04:00
crypt.c Fix detection of passwords hashed with MD5 or SCRAM-SHA-256 2019-04-23 15:43:38 +09:00
hba.c Fix possible buffer overrun in hba.c. 2018-11-13 16:29:33 +13:00
ifaddr.c Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
Makefile Support SCRAM-SHA-256 authentication (RFC 5802 and 7677). 2017-03-07 14:25:40 +02:00
pg_hba.conf.sample Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption. 2017-04-18 14:50:50 +03:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Second try at fixing tcp_keepalives_idle option on Solaris. 2017-06-28 12:30:16 -04:00
pqformat.c Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
pqmq.c Clean up shm_mq cleanup. 2017-08-31 15:10:24 -04:00
pqsignal.c Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00

src/backend/libpq/README.SSL

SSL
===

From the server's perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





From the client's perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

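The two flows above modelled as an in-memory exchange, as an added example that is not code from the PostgreSQL sources: the client builds the packet carrying SSL_NEGOTIATE_CODE, the server branches on whether it was compiled with SSL, and the client acts on the single reply byte. The packet layout (int32 length 8, int32 code 1234.5679) comes from the PostgreSQL wire protocol, not from this README; the `forced_reply` parameter is a test hook invented here.

```python
import struct
from typing import Optional

# SSL_NEGOTIATE_CODE is the special "protocol version" 1234.5679 carried in
# the 8-byte SSLRequest startup packet (int32 length, int32 code).
SSL_NEGOTIATE_CODE = (1234 << 16) | 5679   # 80877103


def build_ssl_request() -> bytes:
    """Client: 'Send packet with SSL_NEGOTIATE_CODE'."""
    return struct.pack("!ii", 8, SSL_NEGOTIATE_CODE)


def server_answer(startup_packet: bytes, compiled_with_ssl: bool) -> Optional[bytes]:
    """Server: inspect the StartupPacket header.

    Returns b"S" or b"N" for an SSLRequest; None means the packet was an
    ordinary StartupPacket and the server proceeds with normal startup.
    """
    length, code = struct.unpack("!ii", startup_packet[:8])
    if length != 8 or code != SSL_NEGOTIATE_CODE:
        return None                       # Is SSL_NEGOTIATE_CODE? -> No
    return b"S" if compiled_with_ssl else b"N"   # USE_SSL? -> Yes / No


def client_decision(reply: bytes) -> str:
    """Client: act on the single char received from the server."""
    if reply == b"S":
        return "establish_ssl"
    if reply == b"E":
        return "retry_without_ssl"        # pre-SSL server answered with an error
    if reply == b"N":
        return "normal_startup"
    return "fail_unknown"


def negotiate(compiled_with_ssl: bool, forced_reply: Optional[bytes] = None) -> str:
    """Run one in-memory exchange: client request -> server reply -> client step.

    forced_reply (hypothetical test hook) stands in for a server answering
    outside the S/N table, e.g. an old server sending 'E'.
    """
    request = build_ssl_request()
    reply = forced_reply if forced_reply is not None else server_answer(request, compiled_with_ssl)
    return client_decision(reply)


if __name__ == "__main__":
    print(build_ssl_request().hex(), negotiate(True), negotiate(False), negotiate(True, b"E"))
```

Note that the 'E' branch of the v6.6 client flow silently falls back to a connection without SSL; a client that requires encryption should treat that reply as a failure rather than retrying in the clear.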
---------------------------------------------------------------------------