From 1c9b6e818f047e07f1de62b4d11e0c5db2d55ab7 Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Tue, 23 May 2017 05:55:19 -0400 Subject: [PATCH] Verify that the server constructed the SCRAM nonce correctly. The nonce consists of client and server nonces concatenated together. The client checks the nonce contained the client nonce, but it would get fooled if the server sent a truncated or even empty nonce. Reported by Steven Fackler to security@postgresql.org. Neither me or Steven are sure what harm a malicious server could do with this, but let's fix it. --- src/interfaces/libpq/fe-auth-scram.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index fbb44b3f852..d2e355a8b8d 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -430,7 +430,8 @@ read_server_first_message(fe_scram_state *state, char *input, } /* Verify immediately that the server used our part of the nonce */ - if (strncmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0) + if (strlen(nonce) < strlen(state->client_nonce) || + memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0) { printfPQExpBuffer(errormessage, libpq_gettext("invalid SCRAM response (nonce mismatch)\n"));