[pgpool-committers: 8145] pgpool: Reject extraneous data after SSL encryption handshake.

Tatsuo Ishii ishii at sraoss.co.jp
Thu Nov 18 09:00:48 JST 2021


Reject extraneous data after SSL encryption handshake.

In the server side implementation of SSL negotiation
(pool_ssl_negotiate_serverclient()), it was possible for a
man-in-the-middle attacker to inject arbitrary SQL commands. This is
possible if Pgpool-II is configured to use cert authentication or
hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.

Similarly, in the client side implementation of SSL negotiation
(pool_ssl_negotiate_clientserver()), it was possible for a
man-in-the-middle attacker to inject arbitrary responses. This is
possible if PostgreSQL is using trust authentication with a clientcert
requirement. It is not possible with cert authentication because
Pgpool-II does not implement the cert authentication between Pgpool-II
and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.

To fix these, reject extraneous data in the read buffer after SSL
encryption handshake.

Branch
------
V4_0_STABLE

Details
-------
https://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=fbe1d417543bb7d0a4d43e25b9435d2ec22563f7

Modified Files
--------------
src/utils/pool_ssl.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
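
The server-side check described in the commit message, as an added example; it is not the code from this commit or from pool_ssl.c. The `conn_buf` type, the function names, the sample bytes, and running the check right after the SSLRequest is consumed are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSL_REQUEST_LEN  8u
#define SSL_REQUEST_CODE 80877103u   /* PostgreSQL SSLRequest: (1234 << 16) | 5679 */

/* Hypothetical read buffer: cleartext bytes already pulled from the socket. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } conn_buf;

enum ssl_neg { NEG_OK = 0, NEG_NOT_SSLREQUEST = -1, NEG_EXTRANEOUS_DATA = -2 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Consume the SSLRequest and decide whether the TLS handshake may proceed. */
enum ssl_neg check_ssl_request(conn_buf *c)
{
    if (c->len - c->pos < SSL_REQUEST_LEN)
        return NEG_NOT_SSLREQUEST;
    const uint8_t *p = c->buf + c->pos;
    if (be32(p) != SSL_REQUEST_LEN || be32(p + 4) != SSL_REQUEST_CODE)
        return NEG_NOT_SSLREQUEST;
    c->pos += SSL_REQUEST_LEN;
    /* Unread bytes here were received unencrypted and unauthenticated. If they
     * stayed buffered, they would be parsed after the handshake as if they had
     * come through the TLS session, so the connection is refused instead. */
    if (c->pos != c->len)
        return NEG_EXTRANEOUS_DATA;
    return NEG_OK;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t sample_clean[]    = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f};
const uint8_t sample_trailing[] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f, 'X', 'X', 'X'};

enum ssl_neg check_bytes(const uint8_t *b, size_t n)
{
    conn_buf c = {b, n, 0};
    return check_ssl_request(&c);
}

int main(void)
{
    printf("clean: %d\n", check_bytes(sample_clean, sizeof sample_clean));
    printf("trailing: %d\n", check_bytes(sample_trailing, sizeof sample_trailing));
    return 0;
}
```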


