From: | Thom Brown <thom(at)linux(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | pgsql-committers(at)postgresql(dot)org |
Subject: | Re: pgsql: Fix low-risk potential denial of service against RADIUS login. |
Date: | 2010-10-15 15:16:51 |
Message-ID: | AANLkTik6naZXVctOYVGDj0YNoH=S0uKxt7Oj_EJPHY54@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
On 15 October 2010 16:03, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Fix low-risk potential denial of service against RADIUS login.
>
> Corrupt RADIUS responses were treated as errors and not ignored
> (which the RFC2865 states they should be). This meant that a
> user with unfiltered access to the network of the PostgreSQL
> or RADIUS server could send a spoofed RADIUS response
> to the PostgreSQL server causing it to reject a valid login,
> provided the attacker could also guess (or brute-force) the
> correct port number.
>
> Fix is to simply retry the receive in a loop until the timeout
> has expired or a valid (signed by the correct RADIUS server)
> packet arrives.
>
> Reported by Alan DeKok in bug #5687.
>
> Branch
> ------
> master
>
> Details
> -------
> http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=0e7f7071e893bb171150e53271404b0819a40669
>
> Modified Files
> --------------
> src/backend/libpq/auth.c | 220 ++++++++++++++++++++++++++--------------------
> 1 files changed, 126 insertions(+), 94 deletions(-)
Should this...
timeoutval = (endtime.tv_sec * 1000000 + endtime.tv_usec) -
(now.tv_sec * 1000000 + now.tv_usec);
be parenthesised a bit more? Given operator precedence, I'm assuming
this makes it...
timeoutval = ((endtime.tv_sec * 1000000) + endtime.tv_usec) -
((now.tv_sec * 1000000) + now.tv_usec);
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
From | Date | Subject | |
---|---|---|---|
Next Message | Hiroshi Saito | 2010-10-15 16:31:03 | psqlodbc - psqlodbc: Ooops, forget to take... |
Previous Message | Magnus Hagander | 2010-10-15 15:03:21 | pgsql: Fix low-risk potential denial of service against RADIUS login. |