In the client-side implementation of SSL negotiation
(pool_ssl_negotiate_clientserver()), it was possible for a
man-in-the-middle attacker to send a long error message to confuse
Pgpool-II or the client while in the SSL negotiation phase. This commit
rejects the negotiation immediately (issuing a FATAL error) and exits
the session to prevent such an attack.
This resembles PostgreSQL's CVE-2024-10977.
Back-through: v4.1
(errmsg("attempting to negotiate a secure connection"),
errdetail("server doesn't want to talk SSL")));
break;
+ case 'E':
+ /*
+ * Server failure of some sort, such as failure to fork a backend
+ * process. Don't bother retrieving the error message; we should
+ * not trust it as the server has not been authenticated yet.
+ */
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("server sent an error response during SSL exchange")));
+ break;
default:
ereport(WARNING,
(errmsg("error while attempting to negotiate a secure connection, unhandled response: %c", server_response)));
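Review bot: the `break;` that follows `ereport(FATAL, ...)` in the new `case 'E':` is unreachable if FATAL ends the session as the commit message states. Either drop it or add a one-line comment saying it is kept only to make the absence of fall-through explicit. Separately, the `default:` branch directly below still raises only a WARNING for any other unexpected response byte from the same unauthenticated peer. It is worth confirming that this path cannot carry on with attacker-supplied data, and if it can, making it fail closed with `ERRCODE_PROTOCOL_VIOLATION` as well. A regression test that answers the SSL request with 'E' followed by a long payload would pin down the intended behaviour for the back branches.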