These errors stem from generating self-signed certificates, and enabling
SSL + SSL certificate validation in clients.
This was done without considering Windows specifics, such as
- TCP connections by default
- non-password based plugin, auth_gssapi, in every installation
To provide some relief, consider local TCP connections to be secure
transport and skip self-signed errors for them at least.
because the default value of every option is 0
(option and option.extension are bzero-ed to reset),
tls_verify_server_cert was renamed to tls_allow_invalid_server_cert
with the default value of 0, "do not allow".
API didn't change, it's still MYSQL_OPT_SSL_VERIFY_SERVER_CERT
* extend the client auth plugin API with a new callback
* relax the plugin version check to allow load a plugin with the
same major version, even if the minor versions differ
* implement the protocol extension:
- don't abort at once if the certificate is self signed and
no CA was explicitly specified
- allow it if it passes fingerprint check
- allow it if plugin has hash_password_bin callback, password was
non-empty and the control hash matches server's
Connector library version resource should contain the server's numeric
version as FileVersion, when connector will be included into server
installation. Otherwise, file version will match the connectors CPACK
variables.
Prior to this patch, all libraries produced by connector, had a hardcoded
file version 3.0.0.7, which was neither the server's , nor the client's.
Also fix the Translation info in the version resource so it has valid LCID
If CMAKE_COMPILE_WARNING_AS_ERROR is set, ígnore DIY logic.
CMAKE_COMPILE_WARNING_AS_ERROR is available since CMake 3.24
-DCMAKE_COMPILE_WARNING_AS_ERROR=0 will also help to avoid currently
unconditional "warning is error" when building standalone or via
ExternalProject_Add
they cannot be sent by the server (ma_net_safe_read() guarantees that)
so they all should be safe and not forged
also, use existing macros to check for error ranges, they are
sufficiently parenthesized to avoid compiler warnings (errors with -Werror)
about "you might want to add parentheses here"
MariaDB Connector/C does not distinguish [application-layer error
packets](https://mariadb.com/kb/en/err_packet) that it receives prior to TLS
handshake completion from those that it receives immediately after.
(A trivially modified server built from
https://github.com/dlenski/mariadb-server/commit/demonstration_of_CONC-648_vulnerability
can easily be used to demonstrate this.)
Pre-TLS error packet received from this trivially modified server. This packet
should NOT be trusted to actually originate from the server:
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pVerySecretPassword -h CONC-648.vuln.demo.server.com
ERROR 1815 (HY000): Internal error: Client will accept this error as genuine even if running with --ssl --ssl-verify-server-cert, and even though this error is sent in plaintext PRIOR TO TLS HANDSHAKE.
Post-(TLS handshake) error packet received from a normal MariaDB server upon
an attempt to connect with incorrect credentials. This error packet CAN be
trusted to actually originate from the server, assuming transitive trust in
the TLS protocol implementation and PKI-based certificate validation:
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pWrongPassword -h $NORMAL_MARIADB10.6.14_SERVER
ERROR 1045 (28000): Access denied for user 'Username'@'A.B.C.D' (using password: YES)
This client behavior opens up MariaDB Connector/C clients to an extremely
straightforward [downgrade attack](https://en.wikipedia.org/wiki/Downgrade_attack).
An on-path or pervasive attacker can inject errors into MariaDB
client→server connections that are intended to be protected by TLS, and the
client has no clear mechanism to distinguish such errors from errors that
actually come from the server.
An attacker could easily use this to DOS a client, or even influence its
behavior. For example, consider a client application which is configured…
1. To use TLS with server certificate validation
(`--ssl --ssl-verify-server-cert`), and
2. To wait for a back-off period and then *retry* connection attempts if the server
responds with `ER_CON_COUNT_ERROR` ("Too many connections") from the
server, and
3. To give up and shut down if its connection attempts fail with
`ER_ACCESS_DENIED_ERROR` ("Access denied for user"), on the assumption
that this is due to an incorrect or expired password, and cannot be
resolved without human intervention.
An attacker could completely disable the retry mechanism of this application
by intercepting connection attempts and replying with
`ER_ACCESS_DENIED_ERROR` packets.
This patch modifies MariaDB Connector/C so that if the client is configured
to use TLS, error packets received prior to the completion of the TLS
handshake are untrusted, and are changed to a generic `CR_CONNECTION_ERROR`.
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pVerySecretPassword -h CONC-648.vuln.demo.server.com
ERROR 2002 (HY000): Received error packet before completion of TLS handshake. The authenticity of the following error cannot be verified:
1815 - Internal error: Client will accept this error as genuine even if running with --ssl --ssl-verify-server-cert, and even though this error is sent in plaintext PRIOR TO TLS HANDSHAKE.
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
Per @vuvova in
https://github.com/mariadb-corporation/mariadb-connector-c/pull/223#issuecomment-1854720364:
> I don't think the client should accept client-side errors from the server
> at all.
If the server sends an error packet with error codes in the ranges
`CR_{MIN,MAX}_ERROR` (codes [2000, 2999]) or `CER_{MIN,MAX}_ERROR` (codes
[5000, 5999]), we will replace these with `CR_MALFORMED_PACKET`, rather than
propagating them to the client user.
Skip character set tests which set character set
during handshake, since MaxScale sends utf8mb4 via
session_track information in handshake OK packet.
(https://jira.mariadb.org/browse/MXS-4898).
Client programs can use pipe handle via mysql_get_socket().
They also might want to use IO completion ports with this handle.
Prevent IOCP notifications to be sent to completion port, for internal
read and write with timeout.
Since there is no way in the ISO C standard to specify a
non-obsolescent function prototype indicating that a
function will be called with an arbitrary number (including
zero) of arguments of arbitrary types, we have to cast the
callback function in makecontext() call to avoid compiler
warnings/errors.
See also:
https://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html
schannel_certs.c - conflicting headers, include winsock2.h before windows.h,
strerror_r is now defined also with mingw
do not build mariadb_config on Windows, getopt.h is missing
CryptOpenAlgorithmProvider() documentation states:
"We recommend that you cache any algorithm provider handles that you will
use more than once, rather than opening and closing the algorithm providers
over and over."
This patch implements algorithm handle caching,
and also simplifies how hashes are handled in win_crypt.c
- MA_HASH_CTX* is now just BCrypt hash handle.
- We no longer allocate or free memory any memory outselves.
There are small change in the ma_hash API:
ma_hash_new() lost the second parameter, only used on Windows previously
