Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pRdtE-0008DU-Kz for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Feb 2023 18:49:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1pRdtD-0006fC-Ez for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Feb 2023 18:49:23 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pRdtD-0006f2-44 for pgsql-hackers@lists.postgresql.org; Mon, 13 Feb 2023 18:49:23 +0000 Received: from mail-pf1-x42b.google.com ([2607:f8b0:4864:20::42b]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1pRdtB-0004yh-4y for pgsql-hackers@lists.postgresql.org; Mon, 13 Feb 2023 18:49:22 +0000 Received: by mail-pf1-x42b.google.com with SMTP id n2so8601781pfo.3 for ; Mon, 13 Feb 2023 10:49:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timescale.com; s=google; h=to:subject:from:cc:content-language:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=VmoiNOWoLb0uv9zFTYqi74vcY+MYfO6FhdeJA0+1Ff8=; b=LCdMKlTgYPM5zus7/1wrXKUsf/AuPVee8eCcFVlvgxWK/kLm0RBf9/NsYoDhHlkdid rzovlkkNKUSahOd+eQPKASPhGR4tOiAnV8Gr60V6gW2qjDjIk6I1wGIDNVSaJSTmx8qy 9NeFc/U/yfNYduJEKBaLQPWumQ2Eu/nrFTfGFdkkPpIXG3MBWE3iuc8LBJsn7vX0COjE KpkkTOJAt3NOTC3U68sLhbY13O9BDccIvgJTZlv0aBFjwninAdPJN7eGwnoWo+Wwtgxt EvODeMSZaLF6Nbqs1HI5urCDBU81htmiAzsDcqcgD9bqbaayNKA2f+uXndZlAw8Dq01V hJGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:from:cc:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VmoiNOWoLb0uv9zFTYqi74vcY+MYfO6FhdeJA0+1Ff8=; b=7EtQTPtmbFPyGac/J4nYqpoyHpFZzQIUoRZOs8QjAKmpN9lEGyOUZdBiVQWKPtNbJR 6rFiZG/CUdZ9d01cXkuNnLLGsq2YVS7E9eAhIXB+I9S6xKt3imcHv1zeSHuhXTXzBXj5 +G/6eQCR9JGee97kOyJKRiPWaKRPzzXs88BynMjFFvY4unYJetMARQPPe8c818KhkA3V O5BNPAWj5bfJiMdCJiyj4Q5kW50URL0d7V+9Q14WIqPoNvS/JLgJBOXQws8ZWI5inClV D6OVj6bWM2DPazg0KdNMjPWzgHCZnLcjw9iNzqYmJvd4O3ejs81GFuaxiQ8If+xqj65b i2qA== X-Gm-Message-State: AO0yUKVa9tKfNFEW8KbtA79J3CAblCjgu5y0R4+cTvHFMzxiLU8+M+nH CBnFLedP2LFPnnpg1K76Ul9cC/8L8TX9l6PaORQ= X-Google-Smtp-Source: AK7set97q8rHouK98MzdhRHoTprkC+RV5olBcgd4XeDh3TF2IJSLmxnH3NPHcL7hpDlrldyJCmoD8Q== X-Received: by 2002:aa7:9419:0:b0:593:98cb:e6f6 with SMTP id x25-20020aa79419000000b0059398cbe6f6mr17853739pfo.9.1676314158903; Mon, 13 Feb 2023 10:49:18 -0800 (PST) Received: from [192.168.1.21] ([50.53.8.205]) by smtp.gmail.com with ESMTPSA id 22-20020aa79116000000b0059250c374cesm8315264pfh.115.2023.02.13.10.49.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 13 Feb 2023 10:49:18 -0800 (PST) Content-Type: multipart/mixed; boundary="------------nveu0geLSgQOHG81vGvhOIjl" Message-ID: <23787477-5fe1-a161-6d2a-e459f74c4713@timescale.com> Date: Mon, 13 Feb 2023 10:49:17 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Content-Language: en-US Cc: Michael Paquier From: Jacob Champion Subject: [PATCH] Align GSS and TLS error handling in PQconnectPoll() To: PostgreSQL Hackers List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------nveu0geLSgQOHG81vGvhOIjl Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hi all, During the gssencmode CVE discussion, we noticed that PQconnectPoll() handles the error cases for TLS and GSS transport encryption slightly differently. After TLS fails, the connection handle is dead and future calls to PQconnectPoll() return immediately. But after GSS encryption fails, the connection handle can still be used to reenter the GSS handling code. This doesn't appear to have any security implications today -- and a client has to actively try to reuse a handle that's already failed -- but it seems undesirable. Michael (cc'd) came up with a patch, which I have attached here and will register in the CF. Thanks, --Jacob --------------nveu0geLSgQOHG81vGvhOIjl Content-Type: text/x-patch; charset=UTF-8; name="PQconnectPoll-poison-connection-on-gssenc-error.patch" Content-Disposition: attachment; filename="PQconnectPoll-poison-connection-on-gssenc-error.patch" Content-Transfer-Encoding: base64 RnJvbSA3NWIxYmU1ZjQ4NGEyOGU1NDMyOTBlMjA4NDc0ZDM2MDNhMzI3MGJmIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYWNvYiBDaGFtcGlvbiA8amNoYW1waW9uQHRpbWVz Y2FsZS5jb20+CkRhdGU6IE1vbiwgMTMgRmViIDIwMjMgMTA6MzA6NDMgLTA4MDAKU3ViamVj dDogW1BBVENIXSBQUWNvbm5lY3RQb2xsOiBwb2lzb24gY29ubmVjdGlvbiBvbiBnc3NlbmMg ZXJyb3IKCkN1cnJlbnRseSwgY29ubi0+c3RhdHVzIGlzbid0IHVwZGF0ZWQgd2hlbiBnc3Nl bmMgZXN0YWJsaXNobWVudCBmYWlscywKd2hpY2ggYWxsb3dzIGFueSAobWlzYmVoYXZlZCkg ZnV0dXJlIGNhbGxzIHRvIFBRY29ubmVjdFBvbGwoKSB0byByZWVudGVyCkNPTk5FQ1RJT05f R1NTX1NUQVJUVVAuIEFsaWduIHRoaXMgY29kZSB3aXRoIHRoZSBDT05ORUNUSU9OX1NTTF9T VEFSVFVQCmNhc2UsIHdoaWNoIGp1bXBzIHRvIGVycm9yX3JldHVybiBhbmQgcG9pc29ucyB0 aGUgY29ubmVjdGlvbiBoYW5kbGUuCgpQYXRjaCBpcyBieSBNaWNoYWVsIFBhcXVpZXI7IEkg anVzdCByZWJhc2VkIG92ZXIgSEVBRC4KLS0tCiBzcmMvaW50ZXJmYWNlcy9saWJwcS9mZS1j b25uZWN0LmMgfCAyMyArKysrKysrKysrKysrKy0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQs IDE0IGluc2VydGlvbnMoKyksIDkgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL2lu dGVyZmFjZXMvbGlicHEvZmUtY29ubmVjdC5jIGIvc3JjL2ludGVyZmFjZXMvbGlicHEvZmUt Y29ubmVjdC5jCmluZGV4IDUwYjVkZjM0OTAuLjEwNzBiNmRiMjQgMTAwNjQ0Ci0tLSBhL3Ny Yy9pbnRlcmZhY2VzL2xpYnBxL2ZlLWNvbm5lY3QuYworKysgYi9zcmMvaW50ZXJmYWNlcy9s aWJwcS9mZS1jb25uZWN0LmMKQEAgLTMxNDgsMTcgKzMxNDgsMjIgQEAga2VlcF9nb2luZzoJ CQkJCQkvKiBXZSB3aWxsIGNvbWUgYmFjayB0byBoZXJlIHVudGlsIHRoZXJlIGlzCiAJCQkJ CWNvbm4tPnN0YXR1cyA9IENPTk5FQ1RJT05fTUFERTsKIAkJCQkJcmV0dXJuIFBHUkVTX1BP TExJTkdfV1JJVElORzsKIAkJCQl9Ci0JCQkJZWxzZSBpZiAocG9sbHJlcyA9PSBQR1JFU19Q T0xMSU5HX0ZBSUxFRCAmJgotCQkJCQkJIGNvbm4tPmdzc2VuY21vZGVbMF0gPT0gJ3AnKQor CQkJCWVsc2UgaWYgKHBvbGxyZXMgPT0gUEdSRVNfUE9MTElOR19GQUlMRUQpCiAJCQkJewot CQkJCQkvKgotCQkJCQkgKiBXZSBmYWlsZWQsIGJ1dCB3ZSBjYW4gcmV0cnkgb24gInByZWZl ciIuICBIYXZlIHRvIGRyb3AKLQkJCQkJICogdGhlIGN1cnJlbnQgY29ubmVjdGlvbiB0byBk byBzbywgdGhvdWdoLgotCQkJCQkgKi8KLQkJCQkJY29ubi0+dHJ5X2dzcyA9IGZhbHNlOwot CQkJCQluZWVkX25ld19jb25uZWN0aW9uID0gdHJ1ZTsKLQkJCQkJZ290byBrZWVwX2dvaW5n OworCQkJCQlpZiAoY29ubi0+Z3NzZW5jbW9kZVswXSA9PSAncCcpCisJCQkJCXsKKwkJCQkJ CS8qCisJCQkJCQkgKiBXZSBmYWlsZWQsIGJ1dCB3ZSBjYW4gcmV0cnkgb24gInByZWZlciIu ICBIYXZlIHRvIGRyb3AKKwkJCQkJCSAqIHRoZSBjdXJyZW50IGNvbm5lY3Rpb24gdG8gZG8g c28sIHRob3VnaC4KKwkJCQkJCSAqLworCQkJCQkJY29ubi0+dHJ5X2dzcyA9IGZhbHNlOwor CQkJCQkJbmVlZF9uZXdfY29ubmVjdGlvbiA9IHRydWU7CisJCQkJCQlnb3RvIGtlZXBfZ29p bmc7CisJCQkJCX0KKwkJCQkJLyogRWxzZSBpdCdzIGEgaGFyZCBmYWlsdXJlICovCisJCQkJ CWdvdG8gZXJyb3JfcmV0dXJuOwogCQkJCX0KKwkJCQkvKiBFbHNlLCByZXR1cm4gUE9MTElO R19SRUFESU5HIG9yIFBPTExJTkdfV1JJVElORyBzdGF0dXMgKi8KIAkJCQlyZXR1cm4gcG9s bHJlczsKICNlbHNlCQkJCQkJCS8qICFFTkFCTEVfR1NTICovCiAJCQkJLyogdW5yZWFjaGFi bGUgKi8KLS0gCjIuMjUuMQoK --------------nveu0geLSgQOHG81vGvhOIjl--