mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-09 08:10:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Verify that the server constructed the SCRAM nonce correctly.

Browse Source 
The nonce consists of client and server nonces concatenated together. The
client checks the nonce contained the client nonce, but it would get fooled
if the server sent a truncated or even empty nonce.

Reported by Steven Fackler to security@postgresql.org. Neither me or Steven
are sure what harm a malicious server could do with this, but let's fix it.
This commit is contained in:
Heikki Linnakangas 2017-05-23 05:55:19 -04:00
parent d951db2eff
commit 1c9b6e818f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/interfaces/libpq/fe-auth-scram.c
View File

@ -430,7 +430,8 @@ read_server_first_message(fe_scram_state *state, char *input,
}
/* Verify immediately that the server used our part of the nonce */
if (strncmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
if (strlen(nonce) < strlen(state->client_nonce) ||
memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
{
printfPQExpBuffer(errormessage,
libpq_gettext("invalid SCRAM response (nonce mismatch)\n"));