| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Subject: | [PATCH] Align GSS and TLS error handling in PQconnectPoll() |
| Date: | 2023-02-13 18:49:17 |
| Message-ID: | 23787477-5fe1-a161-6d2a-e459f74c4713@timescale.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
During the gssencmode CVE discussion, we noticed that PQconnectPoll()
handles the error cases for TLS and GSS transport encryption slightly
differently. After TLS fails, the connection handle is dead and future
calls to PQconnectPoll() return immediately. But after GSS encryption
fails, the connection handle can still be used to reenter the GSS
handling code.
This doesn't appear to have any security implications today -- and a
client has to actively try to reuse a handle that's already failed --
but it seems undesirable. Michael (cc'd) came up with a patch, which I
have attached here and will register in the CF.
Thanks,
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| PQconnectPoll-poison-connection-on-gssenc-error.patch | text/x-patch | 1.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2023-02-13 18:52:11 | Re: ICU locale validation / canonicalization |
| Previous Message | Justin Pryzby | 2023-02-13 18:48:07 | Re: Making Vars outer-join aware |