These errors stem from generating self-signed certificates, and enabling
SSL + SSL certificate validation in clients.
This was done without considering Windows specifics, such as
- TCP connections by default
- non-password based plugin, auth_gssapi, in every installation
To provide some relief, consider local TCP connections to be secure
transport and skip self-signed errors for them at least.
because the default value of every option is 0
(option and option.extension are bzero-ed to reset),
tls_verify_server_cert was renamed to tls_allow_invalid_server_cert
with the default value of 0, "do not allow".
API didn't change, it's still MYSQL_OPT_SSL_VERIFY_SERVER_CERT
* extend the client auth plugin API with a new callback
* relax the plugin version check to allow load a plugin with the
same major version, even if the minor versions differ
* implement the protocol extension:
- don't abort at once if the certificate is self signed and
no CA was explicitly specified
- allow it if it passes fingerprint check
- allow it if plugin has hash_password_bin callback, password was
non-empty and the control hash matches server's
they cannot be sent by the server (ma_net_safe_read() guarantees that)
so they all should be safe and not forged
also, use existing macros to check for error ranges, they are
sufficiently parenthesized to avoid compiler warnings (errors with -Werror)
about "you might want to add parentheses here"
MariaDB Connector/C does not distinguish [application-layer error
packets](https://mariadb.com/kb/en/err_packet) that it receives prior to TLS
handshake completion from those that it receives immediately after.
(A trivially modified server built from
https://github.com/dlenski/mariadb-server/commit/demonstration_of_CONC-648_vulnerability
can easily be used to demonstrate this.)
Pre-TLS error packet received from this trivially modified server. This packet
should NOT be trusted to actually originate from the server:
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pVerySecretPassword -h CONC-648.vuln.demo.server.com
ERROR 1815 (HY000): Internal error: Client will accept this error as genuine even if running with --ssl --ssl-verify-server-cert, and even though this error is sent in plaintext PRIOR TO TLS HANDSHAKE.
Post-(TLS handshake) error packet received from a normal MariaDB server upon
an attempt to connect with incorrect credentials. This error packet CAN be
trusted to actually originate from the server, assuming transitive trust in
the TLS protocol implementation and PKI-based certificate validation:
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pWrongPassword -h $NORMAL_MARIADB10.6.14_SERVER
ERROR 1045 (28000): Access denied for user 'Username'@'A.B.C.D' (using password: YES)
This client behavior opens up MariaDB Connector/C clients to an extremely
straightforward [downgrade attack](https://en.wikipedia.org/wiki/Downgrade_attack).
An on-path or pervasive attacker can inject errors into MariaDB
client→server connections that are intended to be protected by TLS, and the
client has no clear mechanism to distinguish such errors from errors that
actually come from the server.
An attacker could easily use this to DOS a client, or even influence its
behavior. For example, consider a client application which is configured…
1. To use TLS with server certificate validation
(`--ssl --ssl-verify-server-cert`), and
2. To wait for a back-off period and then *retry* connection attempts if the server
responds with `ER_CON_COUNT_ERROR` ("Too many connections") from the
server, and
3. To give up and shut down if its connection attempts fail with
`ER_ACCESS_DENIED_ERROR` ("Access denied for user"), on the assumption
that this is due to an incorrect or expired password, and cannot be
resolved without human intervention.
An attacker could completely disable the retry mechanism of this application
by intercepting connection attempts and replying with
`ER_ACCESS_DENIED_ERROR` packets.
This patch modifies MariaDB Connector/C so that if the client is configured
to use TLS, error packets received prior to the completion of the TLS
handshake are untrusted, and are changed to a generic `CR_CONNECTION_ERROR`.
$ mariadb --ssl --ssl-verify-server-cert -uUsername -pVerySecretPassword -h CONC-648.vuln.demo.server.com
ERROR 2002 (HY000): Received error packet before completion of TLS handshake. The authenticity of the following error cannot be verified:
1815 - Internal error: Client will accept this error as genuine even if running with --ssl --ssl-verify-server-cert, and even though this error is sent in plaintext PRIOR TO TLS HANDSHAKE.
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
Per @vuvova in
https://github.com/mariadb-corporation/mariadb-connector-c/pull/223#issuecomment-1854720364:
> I don't think the client should accept client-side errors from the server
> at all.
If the server sends an error packet with error codes in the ranges
`CR_{MIN,MAX}_ERROR` (codes [2000, 2999]) or `CER_{MIN,MAX}_ERROR` (codes
[5000, 5999]), we will replace these with `CR_MALFORMED_PACKET`, rather than
propagating them to the client user.
Since there is no way in the ISO C standard to specify a
non-obsolescent function prototype indicating that a
function will be called with an arbitrary number (including
zero) of arguments of arbitrary types, we have to cast the
callback function in makecontext() call to avoid compiler
warnings/errors.
See also:
https://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html
schannel_certs.c - conflicting headers, include winsock2.h before windows.h,
strerror_r is now defined also with mingw
do not build mariadb_config on Windows, getopt.h is missing
CryptOpenAlgorithmProvider() documentation states:
"We recommend that you cache any algorithm provider handles that you will
use more than once, rather than opening and closing the algorithm providers
over and over."
This patch implements algorithm handle caching,
and also simplifies how hashes are handled in win_crypt.c
- MA_HASH_CTX* is now just BCrypt hash handle.
- We no longer allocate or free memory any memory outselves.
There are small change in the ma_hash API:
ma_hash_new() lost the second parameter, only used on Windows previously
Connector is using a memory root for the result set, and
mysql_stmt_execute()/mysql_stmt_store_result(), when executed in a loop,
leads to series of ma_alloc_root() and ma_free_root() calls for the same
memory root.
The problem is that ma_alloc_root() calculates the allocation size based
on MA_MEM_ROOT::block_num, this value is incremented for larger allocation,
but is never reset. As a result, the allocation size continuously
grows, for an empty memroot.
This patch resets MA_MEM_ROOT::block_num in ma_free_root().
When checking for a semi sync indication header, we need also check if
the undocumented session variable @rpl_semi_sync_slave was set.
Otherwise the timestamp of the event could contain values which match
the 2 bytes of the semi sync header.
Since the variable rpl_semi_sync_slave and it's behavior is not documented,
a new option MARIADB_RPL_SEMI_SYNC was added.
Since extra_data (MySQL ROWSV2 event) is not part of row data,
we need to allocate memory for it's content.
Kudos to Sruli Ganor for reporting this issue and providing a fix.
Since the server certification option is used by client
only, there is no need to have this flag in server and or
client capabilities. The server itself validates client
certificate depending on the user definition.
