Verify that the server constructed the SCRAM nonce correctly.

The nonce consists of client and server nonces concatenated together. The client checks the nonce contained the client nonce, but it would get fooled if the server sent a truncated or even empty nonce. Reported by Steven Fackler to security@postgresql.org. Neither me or Steven are sure what harm a malicious server could do with this, but let's fix it.

Verify that the server constructed the SCRAM nonce correctly.
The nonce consists of client and server nonces concatenated together. The client checks the nonce contained the client nonce, but it would get fooled if the server sent a truncated or even empty nonce. Reported by Steven Fackler to security@postgresql.org. Neither me or Steven are sure what harm a malicious server could do with this, but let's fix it.
1c9b6e81 · Heikki Linnakangas · d951db2e · 1c9b6e81
Commit 1c9b6e81 authored May 23, 2017 by Heikki Linnakangas
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

src/interfaces/libpq/fe-auth-scram.c src/interfaces/libpq/fe-auth-scram.c +2 -1

No files found.
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -430,7 +430,8 @@ read_server_first_message(fe_scram_state *state, char *input,
 	}
 	/* Verify immediately that the server used our part of the nonce */
-	if (strncmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
+	if (strlen(nonce) < strlen(state->client_nonce) ||
+		memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
 	{
 		printfPQExpBuffer(errormessage,
 				 libpq_gettext("invalid SCRAM response (nonce mismatch)\n"));