Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
cryptctl.4827
0001-Fix-an-issue-that-previously-allowed-a-mal...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-an-issue-that-previously-allowed-a-malicious-adm.patch of Package cryptctl.4827
From 64bd027a4ce7f63303c74291a5574a4a6c132353 Mon Sep 17 00:00:00 2001 From: HouzuoGuo <guohouzuo@gmail.com> Date: Fri, 2 Jun 2017 14:51:19 +0200 Subject: [PATCH] Fix an issue that previously allowed a malicious administrator to craft RPC request to overwrite files outside of key database. diff --git a/keyrpc/svc.go b/keyrpc/svc.go index 1b9f8bb..1568e6b 100644 --- a/keyrpc/svc.go +++ b/keyrpc/svc.go @@ -18,6 +18,7 @@ import ( "net/rpc" "os" "path" + "path/filepath" "reflect" "strings" "time" @@ -261,10 +262,24 @@ type SaveKeyReq struct { Record keydb.Record // the new key record } +// Make sure that the request attributes are sane. +func (req SaveKeyReq) Validate() error { + if req.Record.UUID == "" { + return errors.New("UUID must not be empty") + } else if cleanedID := filepath.Clean(req.Record.UUID); cleanedID != req.Record.UUID { + return errors.New("Illegal characters appeared in UUID") + } else if req.Record.MountPoint == "" { + return errors.New("Mount point must not be empty") + } + return nil +} + // Save a new key record. func (rpcConn *CryptServiceConn) SaveKey(req SaveKeyReq, _ *DummyAttr) error { if err := rpcConn.Svc.ValidatePassword(req.Password); err != nil { return err + } else if err := req.Validate(); err != nil { + return err } // Input record may not contain empty attributes req.Record.FillBlanks() diff --git a/keyrpc/svc_test.go b/keyrpc/svc_test.go index eca1b1b..b8213fd 100644 --- a/keyrpc/svc_test.go +++ b/keyrpc/svc_test.go @@ -7,9 +7,29 @@ import ( "encoding/hex" "path" "reflect" + "strings" "testing" ) +func TestCreateKeyReq_Validate(t *testing.T) { + req := SaveKeyReq{} + if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "UUID must not be empty") { + t.Fatal(err) + } + req.Record.UUID = "/root/../a-" + if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "Illegal chara") { + t.Fatal(err) + } + req.Record.UUID = "abc-def-123-ghi" + if err := req.Validate(); err == nil || !strings.Contains(err.Error(), "Mount point") { + t.Fatal(err) + } + req.Record.MountPoint = "/a" + if err := req.Validate(); err != nil { + t.Fatal(err) + } +} + func TestHashPassword(t *testing.T) { salt := [sha512.Size]byte{ 0, 0, 0, 0, 0, 0, 0, 0, -- 2.13.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor