upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-04-12 20:46:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/include
History
Tom Lane 9ae0f11129 Reject extraneous data after SSL or GSS encryption handshake. 
The server collects up to a bufferload of data whenever it reads data
from the client socket.  When SSL or GSS encryption is requested
during startup, any additional data received with the initial
request message remained in the buffer, and would be treated as
already-decrypted data once the encryption handshake completed.
Thus, a man-in-the-middle with the ability to inject data into the
TCP connection could stuff some cleartext data into the start of
a supposedly encryption-protected database session.

This could be abused to send faked SQL commands to the server,
although that would only work if the server did not demand any
authentication data.  (However, a server relying on SSL certificate
authentication might well not do so.)

To fix, throw a protocol-violation error if the internal buffer
is not empty after the encryption handshake.

Our thanks to Jacob Champion for reporting this problem.

Security: CVE-2021-23214
2021-11-08 11:01:43 -05:00
..
access Fix CREATE INDEX CONCURRENTLY for the newest prepared transactions. 2021-10-23 18:36:43 -07:00
bootstrap Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
catalog Fix WAL replay in presence of an incomplete record 2021-09-29 11:21:51 -03:00
commands Mark assorted variables PGDLLIMPORT. 2017-12-05 09:24:05 -05:00
common Move connect.h from fe_utils to src/include/common. 2020-08-10 09:22:59 -07:00
datatype Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
executor Fix mishandling of resjunk columns in ON CONFLICT ... UPDATE tlists. 2021-05-10 11:02:30 -04:00
fe_utils Empty search_path in Autovacuum and non-psql/pgbench clients. 2018-02-26 07:39:47 -08:00
foreign Separate reinitialization of shared parallel-scan state from ExecReScan. 2017-08-30 13:18:16 -04:00
lib Fix incorrect hash table resizing code in simplehash.h 2021-08-13 16:44:18 +12:00
libpq Reject extraneous data after SSL or GSS encryption handshake. 2021-11-08 11:01:43 -05:00
mb Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
nodes Avoid trying to lock OLD/NEW in a rule with FOR UPDATE. 2021-08-19 12:12:36 -04:00
optimizer Be more careful about the shape of hashable subplan clauses. 2020-08-14 22:14:03 -04:00
parser Fix handling of CREATE TABLE LIKE with inheritance. 2020-08-21 15:00:43 -04:00
port Default to wal_sync_method=fdatasync on FreeBSD. 2021-02-15 16:08:24 +13:00
portability Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
postmaster Fix race condition between shutdown and unstarted background workers. 2020-12-24 17:00:43 -05:00
regex Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
replication Reset properly snapshot export state during transaction abort 2021-10-18 11:57:02 +09:00
rewrite Defend against self-referential views in relation_is_updatable(). 2019-11-21 16:21:44 -05:00
snowball Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
statistics Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
storage Fix CREATE INDEX CONCURRENTLY for the newest prepared transactions. 2021-10-23 18:36:43 -07:00
tcop Fix event triggers for partitioned tables 2018-10-06 19:17:46 -03:00
tsearch Don't leak compiled regex(es) when an ispell cache entry is dropped. 2021-03-18 21:44:43 -04:00
utils Avoid race in RelationBuildDesc() affecting CREATE INDEX CONCURRENTLY. 2021-10-23 18:36:43 -07:00
.gitignore Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
c.h pg_attribute_no_sanitize_alignment() macro 2021-02-13 17:49:08 -05:00
fmgr.h Fix minor violations of FunctionCallInvoke usage protocol. 2020-04-21 14:23:42 -04:00
funcapi.h Avoid holding a directory FD open across assorted SRF calls. 2020-03-16 21:05:55 -04:00
getaddrinfo.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
getopt_long.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
Makefile Add statistics subdirectory to Makefile. 2017-06-08 11:29:50 -04:00
miscadmin.h Refactor CHECK_FOR_INTERRUPTS() to add flexibility. 2021-05-14 12:54:26 -04:00
pg_config.h.in Update configure's probe for libldap to work with OpenLDAP 2.5. 2021-07-09 12:38:55 -04:00
pg_config.h.win32 Stamp 10.18. 2021-08-09 16:54:22 -04:00
pg_config_ext.h.in Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
pg_config_ext.h.win32 Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
pg_config_manual.h Fix default minimum value for descending sequences 2017-01-23 14:00:58 -05:00
pg_getopt.h Use our own getopt() on OpenBSD. 2019-01-18 15:06:26 -05:00
pg_trace.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
pgstat.h Add GUC variables for stat tracking and timeout as PGDLLIMPORT 2020-01-21 13:47:05 +09:00
pgtar.h Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
pgtime.h Mark assorted variables PGDLLIMPORT. 2017-12-05 09:24:05 -05:00
port.h Support use of strnlen() in pre-v11 branches. 2021-06-07 13:12:35 -04:00
postgres.h Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
postgres_ext.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
postgres_fe.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
rusagestub.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
windowapi.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00