From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Fix low-risk potential denial of service against RADIUS login. |
Date: | 2010-10-15 15:03:21 |
Message-ID: | E1P6loX-0005ug-NK@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Fix low-risk potential denial of service against RADIUS login.
Corrupt RADIUS responses were treated as errors and not ignored
(which the RFC2865 states they should be). This meant that a
user with unfiltered access to the network of the PostgreSQL
or RADIUS server could send a spoofed RADIUS response
to the PostgreSQL server causing it to reject a valid login,
provided the attacker could also guess (or brute-force) the
correct port number.
Fix is to simply retry the receive in a loop until the timeout
has expired or a valid (signed by the correct RADIUS server)
packet arrives.
Reported by Alan DeKok in bug #5687.
Branch
------
REL9_0_STABLE
Details
-------
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=24d446b56959f4449b5c78520a954ea0bbb517b8
Modified Files
--------------
src/backend/libpq/auth.c | 220 ++++++++++++++++++++++++++--------------------
1 files changed, 126 insertions(+), 94 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Thom Brown | 2010-10-15 15:16:51 | Re: pgsql: Fix low-risk potential denial of service against RADIUS login. |
Previous Message | User Andrewd | 2010-10-15 14:16:13 | pgbuildfarm - client-code: facility to add notes for member on server |