diff --git a/CVE-2021-23214.patch b/CVE-2021-23214.patch new file mode 100644 index 0000000000000000000000000000000000000000..318c20132efd7583c20e7c3d6414223df56da572 --- /dev/null +++ b/CVE-2021-23214.patch @@ -0,0 +1,108 @@ +From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Mon, 8 Nov 2021 11:01:43 -0500 +Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake. + +The server collects up to a bufferload of data whenever it reads data +from the client socket. When SSL or GSS encryption is requested +during startup, any additional data received with the initial +request message remained in the buffer, and would be treated as +already-decrypted data once the encryption handshake completed. +Thus, a man-in-the-middle with the ability to inject data into the +TCP connection could stuff some cleartext data into the start of +a supposedly encryption-protected database session. + +This could be abused to send faked SQL commands to the server, +although that would only work if the server did not demand any +authentication data. (However, a server relying on SSL certificate +authentication might well not do so.) + +To fix, throw a protocol-violation error if the internal buffer +is not empty after the encryption handshake. + +Our thanks to Jacob Champion for reporting this problem. + +Security: CVE-2021-23214 +--- + src/backend/libpq/pqcomm.c | 12 ++++++++++++ + src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++ + src/include/libpq/libpq.h | 1 + + 3 files changed, 37 insertions(+) + +diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c +index ee2cd86866da..93f2e0b81d32 100644 +--- a/src/backend/libpq/pqcomm.c ++++ b/src/backend/libpq/pqcomm.c +@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s) + } + } + ++/* -------------------------------- ++ * pq_buffer_has_data - is any buffered data available to read? ++ * ++ * This will *not* attempt to read more data. ++ * -------------------------------- ++ */ ++bool ++pq_buffer_has_data(void) ++{ ++ return (PqRecvPointer < PqRecvLength); ++} ++ + + /* -------------------------------- + * pq_startmsgread - begin reading a message from the client. +diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c +index 5775fc0c0910..1e0936e5b482 100644 +--- a/src/backend/postmaster/postmaster.c ++++ b/src/backend/postmaster/postmaster.c +@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) + return STATUS_ERROR; + #endif + ++ /* ++ * At this point we should have no data already buffered. If we do, ++ * it was received before we performed the SSL handshake, so it wasn't ++ * encrypted and indeed may have been injected by a man-in-the-middle. ++ * We report this case to the client. ++ */ ++ if (pq_buffer_has_data()) ++ ereport(FATAL, ++ (errcode(ERRCODE_PROTOCOL_VIOLATION), ++ errmsg("received unencrypted data after SSL request"), ++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); ++ + /* + * regular startup packet, cancel, etc packet should follow, but not + * another SSL negotiation request, and a GSS request should only +@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) + return STATUS_ERROR; + #endif + ++ /* ++ * At this point we should have no data already buffered. If we do, ++ * it was received before we performed the GSS handshake, so it wasn't ++ * encrypted and indeed may have been injected by a man-in-the-middle. ++ * We report this case to the client. ++ */ ++ if (pq_buffer_has_data()) ++ ereport(FATAL, ++ (errcode(ERRCODE_PROTOCOL_VIOLATION), ++ errmsg("received unencrypted data after GSSAPI encryption request"), ++ errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack."))); ++ + /* + * regular startup packet, cancel, etc packet should follow, but not + * another GSS negotiation request, and an SSL request should only +diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h +index b1152475ace5..54c5fa779773 100644 +--- a/src/include/libpq/libpq.h ++++ b/src/include/libpq/libpq.h +@@ -72,6 +72,7 @@ extern int pq_getmessage(StringInfo s, int maxlen); + extern int pq_getbyte(void); + extern int pq_peekbyte(void); + extern int pq_getbyte_if_available(unsigned char *c); ++extern bool pq_buffer_has_data(void); + extern int pq_putbytes(const char *s, size_t len); + + /* diff --git a/CVE-2021-23222.patch b/CVE-2021-23222.patch new file mode 100644 index 0000000000000000000000000000000000000000..0bd5ada95e7e5d55ff31c95837218655acb49754 --- /dev/null +++ b/CVE-2021-23222.patch @@ -0,0 +1,123 @@ +From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001 +From: Tom Lane +Date: Mon, 8 Nov 2021 11:14:56 -0500 +Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption + handshake. + +libpq collects up to a bufferload of data whenever it reads data from +the socket. When SSL or GSS encryption is requested during startup, +any additional data received with the server's yes-or-no reply +remained in the buffer, and would be treated as already-decrypted data +once the encryption handshake completed. Thus, a man-in-the-middle +with the ability to inject data into the TCP connection could stuff +some cleartext data into the start of a supposedly encryption-protected +database session. + +This could probably be abused to inject faked responses to the +client's first few queries, although other details of libpq's behavior +make that harder than it sounds. A different line of attack is to +exfiltrate the client's password, or other sensitive data that might +be sent early in the session. That has been shown to be possible with +a server vulnerable to CVE-2021-23214. + +To fix, throw a protocol-violation error if the internal buffer +is not empty after the encryption handshake. + +Our thanks to Jacob Champion for reporting this problem. + +Security: CVE-2021-23222 +--- + doc/src/sgml/protocol.sgml | 28 ++++++++++++++++++++++++++++ + src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 54 insertions(+) + +diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml +index e26619e1b53d..b692648fca47 100644 +--- a/doc/src/sgml/protocol.sgml ++++ b/doc/src/sgml/protocol.sgml +@@ -1471,6 +1471,20 @@ SELCT 1/0; + and proceed without requesting SSL. + + ++ ++ When SSL encryption can be performed, the server ++ is expected to send only the single S byte and then ++ wait for the frontend to initiate an SSL handshake. ++ If additional bytes are available to read at this point, it likely ++ means that a man-in-the-middle is attempting to perform a ++ buffer-stuffing attack ++ (CVE-2021-23222). ++ Frontends should be coded either to read exactly one byte from the ++ socket before turning the socket over to their SSL library, or to ++ treat it as a protocol violation if they find they have read additional ++ bytes. ++ ++ + + An initial SSLRequest can also be used in a connection that is being + opened to send a CancelRequest message. +@@ -1532,6 +1546,20 @@ SELCT 1/0; + encryption. + + ++ ++ When GSSAPI encryption can be performed, the server ++ is expected to send only the single G byte and then ++ wait for the frontend to initiate a GSSAPI handshake. ++ If additional bytes are available to read at this point, it likely ++ means that a man-in-the-middle is attempting to perform a ++ buffer-stuffing attack ++ (CVE-2021-23222). ++ Frontends should be coded either to read exactly one byte from the ++ socket before turning the socket over to their GSSAPI library, or to ++ treat it as a protocol violation if they find they have read additional ++ bytes. ++ ++ + + An initial GSSENCRequest can also be used in a connection that is being + opened to send a CancelRequest message. +diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c +index f80f4e98d8e0..57aee9518308 100644 +--- a/src/interfaces/libpq/fe-connect.c ++++ b/src/interfaces/libpq/fe-connect.c +@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn) + pollres = pqsecure_open_client(conn); + if (pollres == PGRES_POLLING_OK) + { ++ /* ++ * At this point we should have no data already buffered. ++ * If we do, it was received before we performed the SSL ++ * handshake, so it wasn't encrypted and indeed may have ++ * been injected by a man-in-the-middle. ++ */ ++ if (conn->inCursor != conn->inEnd) ++ { ++ appendPQExpBufferStr(&conn->errorMessage, ++ libpq_gettext("received unencrypted data after SSL response\n")); ++ goto error_return; ++ } ++ + /* SSL handshake done, ready to send startup packet */ + conn->status = CONNECTION_MADE; + return PGRES_POLLING_WRITING; +@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn) + pollres = pqsecure_open_gss(conn); + if (pollres == PGRES_POLLING_OK) + { ++ /* ++ * At this point we should have no data already buffered. ++ * If we do, it was received before we performed the GSS ++ * handshake, so it wasn't encrypted and indeed may have ++ * been injected by a man-in-the-middle. ++ */ ++ if (conn->inCursor != conn->inEnd) ++ { ++ appendPQExpBufferStr(&conn->errorMessage, ++ libpq_gettext("received unencrypted data after GSSAPI encryption response\n")); ++ goto error_return; ++ } ++ + /* All set for startup packet */ + conn->status = CONNECTION_MADE; + return PGRES_POLLING_WRITING; diff --git a/postgresql.spec b/postgresql.spec index fd4e97ed5299a34370677b6574a16174db11120d..dd657eaeb48515311bbefe42f6e53aa0ba2f89b2 100644 --- a/postgresql.spec +++ b/postgresql.spec @@ -1,6 +1,11 @@ %{!?beta:%global beta 0} %{!?test:%global test 1} +%ifarch riscv64 +# Fail to pass tests on riscv64 +%{!?llvmjit:%global llvmjit 0} +%else %{!?llvmjit:%global llvmjit 1} +%endif %{!?external_libpq:%global external_libpq 0} %{!?upgrade:%global upgrade 0} %{!?plpython:%global plpython 0} @@ -27,7 +32,7 @@ Summary: PostgreSQL client programs Name: postgresql %global majorversion 13 Version: %{majorversion}.3 -Release: 4 +Release: 6 # The PostgreSQL license is very similar to other MIT licenses, but the OSI # recognizes it as an independent license, so we do as well. @@ -71,7 +76,9 @@ Patch8: postgresql-external-libpq.patch Patch9: postgresql-server-pg_config.patch Patch10: postgresql-no-libecpg.patch Patch11: postgresql-datalayout-mismatch-on-s390.patch -Patch12: postgresql-subtransaction-test.patch +Patch12: CVE-2021-23214.patch +Patch13: CVE-2021-23222.patch +Patch14: postgresql-subtransaction-test.patch BuildRequires: gcc BuildRequires: perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk @@ -345,6 +352,8 @@ goal of accelerating analytics queries. %patch9 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 +%patch14 -p1 # We used to run autoconf here, but there's no longer any real need to, # since Postgres ships with a reasonably modern configure script. @@ -411,6 +420,9 @@ export CFLAGS # since that's still considered the default plpython version. common_configure_options=' --disable-rpath +%ifarch riscv64 + --disable-spinlocks +%endif %if %beta --enable-debug --enable-cassert @@ -600,6 +612,9 @@ upgrade_configure () --host=%{_host} \ --prefix=%prev_prefix \ --disable-rpath \ +%ifarch riscv64 + --disable-spinlocks \ +%endif %if %beta --enable-debug \ --enable-cassert \ @@ -1225,8 +1240,17 @@ make -C postgresql-setup-%{setup_version} check %changelog -* Fri May 6 2022 caodongxia - 13.3-4 -- Fix subtransaction test failed +* Mon Aug 1 2022 bzhaoop - 13.3-6 +- Porting "Fix subtransaction test failed" from master branch +- Fri May 6 2022 caodongxia - 13.3-4 +- sync the same line with master + +* Fri Mar 11 2022 wangkai - 13.3-5 +- Fix CVE-2021-23214 CVE-2021-23222 + +* Tue Jan 18 2022 lvxiaoqian - 13.3-4 +- Disable spinlocks on RISC-V 64-bit (riscv64) +- Disable LLVM/Clang for riscv64 (fails tests) * Tue Aug 3 2021 bzhaoop - 13.3-3 - Add the missed libpq.so file into postgresql-server-devel package.