Details
Description
If the MariaDB client is running with --ssl --ssl-verify-server-cert, it should not trust any application-level traffic received prior to the completion of the TLS handshake and the validation of the server's TLS certificate.
The MariaDB client (as built from [v3.3.5](https://github.com/mariadb-corporation/mariadb-connector-c/releases/tag/v3.3.5)) violates this expectation, making it trivially susceptible to DOS by untrusted on-path attackers, even when the user has explicitly specified --ssl --ssl-verify-server-cert.
Demonstration:
- Build dlenski/mariadb-server:demonstration_of_CONC-648_vulnerability
- This commit modifies the server to unconditionally send an error packet to the client, prior to authentication and prior to TLS handshake and server certificate validation:
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 80d52ce18fc..283b095f2eb 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -14457,6 +14457,14 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
DBUG_ASSERT(mpvio.status == MPVIO_EXT::RESTART ||
mpvio.status == MPVIO_EXT::SUCCESS);
}
+ else if (1)
+ {
+ my_error(ER_INTERNAL_ERROR, MYF(0),
+ "Client will accept this error as genuine even if running with "
+ "--ssl --ssl-verify-server-cert, and even though this error is "
+ "sent in plaintext PRIOR TO TLS HANDSHAKE.");
+ res= CR_ERROR;
+ }
else
{
/* mark the thd as having no scramble yet */
- This commit modifies the server to unconditionally send an error packet to the client, prior to authentication and prior to TLS handshake and server certificate validation:
- Start the server, e.g.
$ DIR=$(mktemp -d); mkdir -p $DIR/data; sql/mariadbd --no-defaults --datadir=$DIR/data --socket=$DIR/mysql.sock --skip-grant-tables --debug
…
2023-06-05 15:24:07 0 [Note] sql/mariadbd: ready for connections.
Version: '10.11.4-MariaDB-debug' socket: '/tmp/tmp.P4FvcEcKrH/mysql.sock' port: 3306 Source distribution
- Attempt to connect to it with --ssl --ssl-verify-server-cert:
$ client/mariadb -h 127.0.0.1
ERROR 1815 (HY000): Internal error: Client will accept this error as genuine even if running with --ssl --ssl-verify-server-cert, and even though this error is sent in plaintext PRIOR TO TLS HANDSHAKE.
Running tcpdump in the background confirms that the client is improperly accepting the error packet, even though it has been sent in plaintext and without a TLS handshake:
$ sudo tcpdump -n -X -i lo tcp port 3306
|
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
|
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
|
15:24:46.182853 IP 127.0.0.1.40234 > 127.0.0.1.3306: Flags [S], seq 1546762979, win 65495, options [mss 65495,sackOK,TS val 113496632 ecr 0,nop,wscale 7], length 0
|
0x0000: 4500 003c 2b03 4000 8006 d1b6 7f00 0001 E..<+.@......... # TCP handshake, no application-level content
|
0x0010: 7f00 0001 9d2a 0cea 5c31 bae3 0000 0000 .....*..\1......
|
0x0020: a002 ffd7 fe30 0000 0204 ffd7 0402 080a .....0..........
|
0x0030: 06c3 d238 0000 0000 0103 0307 ...8........
|
15:24:46.182917 IP 127.0.0.1.3306 > 127.0.0.1.40234: Flags [S.], seq 3238764927, ack 1546762980, win 65483, options [mss 65495,sackOK,TS val 113496632 ecr 113496632,nop,wscale 7], length 0
|
0x0000: 4500 003c 0000 4000 8006 fcb9 7f00 0001 E..<..@......... # TCP handshake, no application-level content
|
0x0010: 7f00 0001 0cea 9d2a c10b a17f 5c31 bae4 .......*....\1..
|
0x0020: a012 ffcb fe30 0000 0204 ffd7 0402 080a .....0..........
|
0x0030: 06c3 d238 06c3 d238 0103 0307 ...8...8....
|
15:24:46.182957 IP 127.0.0.1.40234 > 127.0.0.1.3306: Flags [.], ack 1, win 512, options [nop,nop,TS val 113496632 ecr 113496632], length 0
|
0x0000: 4500 0034 2b04 4000 8006 d1bd 7f00 0001 E..4+.@......... # TCP handshake, no application-level content
|
0x0010: 7f00 0001 9d2a 0cea 5c31 bae4 c10b a180 .....*..\1......
|
0x0020: 8010 0200 fe28 0000 0101 080a 06c3 d238 .....(.........8
|
0x0030: 06c3 d238 ...8
|
15:24:46.185305 IP 127.0.0.1.3306 > 127.0.0.1.40234: Flags [P.], seq 1:189, ack 1, win 512, options [nop,nop,TS val 113496635 ecr 113496632], length 188
|
0x0000: 4508 00f0 622c 4000 8006 99d1 7f00 0001 E...b,@.........
|
0x0010: 7f00 0001 0cea 9d2a c10b a180 5c31 bae4 .......*....\1..
|
0x0020: 8018 0200 fee4 0000 0101 080a 06c3 d23b ...............;
|
0x0030: 06c3 d238 b800 0000 ff17 0749 6e74 6572 ...8.......Inter # [b8 00 00 00]: header { [b8 00 00] = length following header, 0xb8 bytes, [00]: sequence number (https://mariadb.com/kb/en/0-packet) }
|
0x0040: 6e61 6c20 6572 726f 723a 2043 6c69 656e nal.error:.Clien # [ff]: ERR_Packet (https://mariadb.com/kb/en/err_packet/)
|
0x0050: 7420 7769 6c6c 2061 6363 6570 7420 7468 t.will.accept.th # [17 07]: error ER_INTERNAL_ERROR (https://mariadb.com/kb/en/mariadb-error-codes)
|
0x0060: 6973 2065 7272 6f72 2061 7320 6765 6e75 is.error.as.genu # [remaining 0xb5 bytes] human-readable message = "Internal error: Client … TLS HANDSHAKE."
|
0x0070: 696e 6520 6576 656e 2069 6620 7275 6e6e ine.even.if.runn
|
0x0080: 696e 6720 7769 7468 202d 2d73 736c 202d ing.with.--ssl.-
|
0x0090: 2d73 736c 2d76 6572 6966 792d 7365 7276 -ssl-verify-serv
|
0x00a0: 6572 2d63 6572 742c 2061 6e64 2065 7665 er-cert,.and.eve
|
0x00b0: 6e20 7468 6f75 6768 2074 6869 7320 6572 n.though.this.er
|
0x00c0: 726f 7220 6973 2073 656e 7420 696e 2070 ror.is.sent.in.p
|
0x00d0: 6c61 696e 7465 7874 2050 5249 4f52 2054 laintext.PRIOR.T
|
0x00e0: 4f20 544c 5320 4841 4e44 5348 414b 452e O.TLS.HANDSHAKE.
|
Attachments
Issue Links
- relates to
-
CONC-654 Client improperly sends identifying information in plaintext prior to TLS handshake
- Open
-
MDEV-28634 Client's --ssl-* options (without --ssl-verify-server-cert) are silently ignored if TLS is not possible
- Closed