pgsql: libpq: Bail out during SSL/GSS negotiation errors - Mailing list pgsql-committers

From Michael Paquier
Subject pgsql: libpq: Bail out during SSL/GSS negotiation errors
Date
Msg-id E1tAJ6h-001ELC-R2@gemulon.postgresql.org
List pgsql-committers
libpq: Bail out during SSL/GSS negotiation errors

This commit changes libpq so that errors reported by the backend during
the protocol negotiation for SSL and GSS are discarded by the client, as
these may include bytes that could be consumed by the client and write
arbitrary bytes to a client's terminal.

A failure with the SSL negotiation now leads to an error immediately
reported, without a retry on any other methods allowed, like a fallback
to a plaintext connection.

A failure with GSS discards the error message received, and we allow a
fallback as it may be possible that the error is caused by a connection
attempt with a pre-11 server, GSS encryption having been introduced in
v12.  This was a problem only with v17 and newer versions; older
versions discard the error message already in this case, assuming a
failure caused by a lack of support for GSS encryption.

Author: Jacob Champion
Reviewed-by: Peter Eisentraut, Heikki Linnakangas, Michael Paquier
Security: CVE-2024-10977
Backpatch-through: 12

Branch
------
REL_15_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/d2c3e31c13a6820980c2c6019f0b8f9f0b63ae6e

Modified Files
--------------
doc/src/sgml/protocol.sgml        | 21 +++++++++++----------
src/interfaces/libpq/fe-connect.c | 15 ++++++---------
2 files changed, 17 insertions(+), 19 deletions(-)
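
The client-side policy the commit message describes, as an added C sketch that is not libpq's code and not part of the original post: an ErrorResponse received in reply to an encryption request is never parsed or displayed, SSL fails outright, and GSS moves on to the next method. All names (`handle_reply`, `neg_kind`, `neg_action`, `is_printable`), the message strings and the sample packet are assumptions made for illustration; `S`, `G`, `N` and `E` are the single-byte replies of the PostgreSQL wire protocol.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch; none are libpq identifiers. */
enum neg_kind { NEG_SSL, NEG_GSS };
enum neg_action { ACT_START_ENCRYPTION, ACT_TRY_NEXT_METHOD, ACT_FAIL };

/* Constructed sample: ErrorResponse ('E') carrying a terminal escape. */
static const unsigned char evil_reply[] =
    "E\0\0\0\x1aSERROR\0M\x1b]0;spoofed\x07\0";

/* Act on the first byte of the server's reply to an encryption request.
 * msg only ever receives fixed client-side text, never reply bytes. */
enum neg_action handle_reply(enum neg_kind kind, const unsigned char *reply,
                             size_t len, char *msg, size_t msglen)
{
    msg[0] = '\0';
    if (len == 0)
        return ACT_FAIL;                  /* peer closed; msg stays empty */
    if (reply[0] == (kind == NEG_SSL ? 'S' : 'G'))
        return ACT_START_ENCRYPTION;
    if (reply[0] == 'N')
        return ACT_TRY_NEXT_METHOD;       /* refused; caller's settings decide */
    if (reply[0] == 'E') {
        /* The rest of the packet is unauthenticated: do not parse it. */
        if (kind == NEG_GSS)
            return ACT_TRY_NEXT_METHOD;   /* may be a server without GSS */
        snprintf(msg, msglen, "server sent an error during SSL negotiation");
        return ACT_FAIL;                  /* no retry, no plaintext fallback */
    }
    snprintf(msg, msglen, "unexpected negotiation reply 0x%02x",
             (unsigned) reply[0]);
    return ACT_FAIL;
}

/* Returns 1 if s holds printable ASCII only (safe to show on a terminal). */
int is_printable(const char *s)
{
    for (; *s; s++)
        if ((unsigned char) *s < 0x20 || (unsigned char) *s > 0x7e) return 0;
    return 1;
}

int main(void)
{
    char msg[80];
    int a = handle_reply(NEG_SSL, evil_reply, sizeof evil_reply, msg, sizeof msg);
    printf("action=%d printable=%d leaked=%d msg=%s\n", a, is_printable(msg),
           strstr(msg, "spoofed") != NULL, msg);
    return 0;
}
```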

