Fix #35.

pitfield · pitfield · commit 50f539638bd8 · 2021-11-11T08:24:05.000-08:00
Ensure read buffer is empty when switching to SSL/TLS.
diff --git a/Sources/PostgresClientKit/Connection.swift b/Sources/PostgresClientKit/Connection.swift
@@ -136,6 +136,11 @@ public class Connection: CustomStringConvertible {
                 throw PostgresError.sslNotSupported
             }
             
+            // The read buffer should be fully consumed at this point, so that the next byte read
+            // will have passed through SSL/TLS decryption.  If this is not the case, there must
+            // either be a server protocol error or a man-in-the-middle attack.
+            try verifyReadBufferFullyConsumed()
+            
             do {
                 let sslConfig = configuration.sslServiceConfiguration
                 let sslService = try SSLService(usingConfiguration: sslConfig)!
@@ -1212,6 +1217,12 @@ public class Connection: CustomStringConvertible {
         return c
     }
     
+    private func verifyReadBufferFullyConsumed() throws {
+        guard readBufferPosition == readBuffer.count else {
+            throw PostgresError.serverError(description: "response too long")
+        }
+    }
+    
     private func refillReadBuffer() throws {
         
         assert(readBufferPosition == readBuffer.count)
