File 0001-Fix-an-issue-that-previously-allowed-a-mal... of Package cryptctl.4827

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Fix-an-issue-that-previously-allowed-a-malicious-adm.patch of Package cryptctl.4827

From 64bd027a4ce7f63303c74291a5574a4a6c132353 Mon Sep 17 00:00:00 2001
From: HouzuoGuo <guohouzuo@gmail.com>
Date: Fri, 2 Jun 2017 14:51:19 +0200
Subject: [PATCH] Fix an issue that previously allowed a malicious
 administrator to craft RPC request to overwrite files outside of key
 database.

diff --git a/keyrpc/svc.go b/keyrpc/svc.go
index 1b9f8bb..1568e6b 100644
--- a/keyrpc/svc.go
+++ b/keyrpc/svc.go
@@ -18,6 +18,7 @@ import (
 	"net/rpc"
 	"os"
 	"path"
+	"path/filepath"
 	"reflect"
 	"strings"
 	"time"
@@ -261,10 +262,24 @@ type SaveKeyReq struct {
 	Record   keydb.Record // the new key record
 }
 
+// Make sure that the request attributes are sane.
+func (req SaveKeyReq) Validate() error {
+	if req.Record.UUID == "" {
+		return errors.New("UUID must not be empty")
+	} else if cleanedID := filepath.Clean(req.Record.UUID); cleanedID != req.Record.UUID {
+		return errors.New("Illegal characters appeared in UUID")
+	} else if req.Record.MountPoint == "" {
+		return errors.New("Mount point must not be empty")
+	}
+	return nil
+}
+
 // Save a new key record.
 func (rpcConn *CryptServiceConn) SaveKey(req SaveKeyReq, _ *DummyAttr) error {
 	if err := rpcConn.Svc.ValidatePassword(req.Password); err != nil {
 		return err
+	} else if err := req.Validate(); err != nil {
+		return err
 	}
 	// Input record may not contain empty attributes
 	req.Record.FillBlanks()
diff --git a/keyrpc/svc_test.go b/keyrpc/svc_test.go
index eca1b1b..b8213fd 100644
--- a/keyrpc/svc_test.go
+++ b/keyrpc/svc_test.go
@@ -7,9 +7,29 @@ import (
 	"encoding/hex"
 	"path"
 	"reflect"
+	"strings"
 	"testing"
 )
 
+func TestCreateKeyReq_Validate(t *testing.T) {
+	req := SaveKeyReq{}
+	if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "UUID must not be empty") {
+		t.Fatal(err)
+	}
+	req.Record.UUID = "/root/../a-"
+	if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "Illegal chara") {
+		t.Fatal(err)
+	}
+	req.Record.UUID = "abc-def-123-ghi"
+	if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "Mount point") {
+		t.Fatal(err)
+	}
+	req.Record.MountPoint = "/a"
+	if err := req.Validate(); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestHashPassword(t *testing.T) {
 	salt := [sha512.Size]byte{
 		0, 0, 0, 0, 0, 0, 0, 0,
-- 
2.13.0

Places

File 0001-Fix-an-issue-that-previously-allowed-a-malicious-adm.patch of Package cryptctl.4827

Places