[pgpool-committers: 8141] pgpool: Reject extraneous data after SSL encryption handshake.

Tatsuo Ishii ishii at sraoss.co.jp
Thu Nov 18 08:59:36 JST 2021


Reject extraneous data after SSL encryption handshake.

In the server side implementation of SSL negotiation
(pool_ssl_negotiate_serverclient()), it was possible for a
man-in-the-middle attacker to inject arbitrary SQL commands. This is
possible if Pgpool-II is configured to use cert authentication or
hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.

Similarly, in the client side implementation of SSL negotiation
(pool_ssl_negotiate_clientserver()), it was possible for a
man-in-the-middle attacker to inject arbitrary responses. This is
possible if PostgreSQL is using trust authentication with a clientcert
requirement. It is not possible with cert authentication because
Pgpool-II does not implement the cert authentication between Pgpool-II

To fix these reject extraneous data in the read buffer after SSL
encryption handshake.
and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.

Branch
------
V3_6_STABLE

Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=06ae225dc39e4118a7d656c3c955ce8a9f7b6a31

Modified Files
--------------
src/utils/pool_ssl.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)



More information about the pgpool-committers mailing list