additional security sanity checks on pairing messages

This commit is contained in:
Joey Hess 2012-09-11 11:48:50 -04:00
parent 57bee4b430
commit 084dc188c7
2 changed files with 46 additions and 9 deletions

View file

@ -22,6 +22,7 @@ import Utility.Tense
import Network.Multicast
import Network.Socket
import qualified Data.Text as T
import Data.Char
thisThread :: ThreadName
thisThread = "PairListener"
@ -36,16 +37,18 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
go sock cache = getmsg sock [] >>= \msg -> case readish msg of
Nothing -> go sock cache
Just m -> do
sane <- checkSane msg
(pip, verified) <- verificationCheck m
=<< (pairingInProgress <$> getDaemonStatus dstatus)
case pairMsgStage m of
PairReq -> do
case (sane, pairMsgStage m) of
(False, _) -> go sock cache
(_, PairReq) -> do
pairReqReceived verified dstatus urlrenderer m
go sock $ invalidateCache m cache
PairAck -> do
(_, PairAck) -> do
pairAckReceived verified pip st dstatus scanremotes m cache
>>= go sock
PairDone -> do
(_, PairDone) -> do
pairDoneReceived verified pip st dstatus scanremotes m
go sock cache
@ -53,7 +56,8 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
- check its UUID against the UUID we have stored. If
- they're the same, someone is sending bogus messages,
- which could be an attempt to brute force the shared
- secret. -}
- secret.
-}
verificationCheck m (Just pip) = do
let verified = verifiedPairMsg m pip
let sameuuid = pairUUID (inProgressPairData pip) == pairUUID (pairMsgData $ m)
@ -65,6 +69,16 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
return (Nothing, False)
else return (Just pip, verified && sameuuid)
verificationCheck _ Nothing = return (Nothing, False)
{- Various sanity checks on the content of the message. -}
checkSane msg
{- Control characters could be used in a
- console poisoning attack. -}
| any isControl msg || any (`elem` "\r\n") msg = do
runThreadState st $
warning "illegal control characters in pairing message; ignoring"
return False
| otherwise = return True
{- PairReqs invalidate the cache of recently finished pairings.
- This is so that, if a new pairing is started with the