pgsql: Fix buffer overflow when processing SCRAM final message in libpq

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Fix buffer overflow when processing SCRAM final message in libpq
Date: 2019-06-17 13:14:37
Message-ID: E1hcrT3-0005Ue-3U@gemulon.postgresql.org
Lists: pgsql-committers

Fix buffer overflow when processing SCRAM final message in libpq

When a client connects to a rogue server sending specifically-crafted
messages, this can suffice to execute arbitrary code as the operating
system account used by the client.

While on it, fix one error handling when decoding an incorrect salt
included in the first message received from server.

Author: Michael Paquier
Reviewed-by: Jonathan Katz, Heikki Linnakangas
Security: CVE-2019-10164
Backpatch-through: 10

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/b67421178880f9df337dc19b8601b54b99efbc78

Modified Files
--------------
src/interfaces/libpq/fe-auth-scram.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
