authorGravatar Joey Hess <joey@kitenet.net>2012-09-11 11:48:50 -0400
committerGravatar Joey Hess <joey@kitenet.net>2012-09-11 11:48:50 -0400
commit084dc188c700c1ff7c0ce5db86715b2ece5bf6f2 (patch)
tree1c670ad7342895eee7b289cd7790a27da19bb290 /Assistant
parent57bee4b43076be2dfe60c47088c8b1f095278248 (diff)
additional security sanity checks on pairing messages
Diffstat (limited to 'Assistant')
-rw-r--r--Assistant/Threads/PairListener.hs24
1 files changed, 19 insertions, 5 deletions
diff --git a/Assistant/Threads/PairListener.hs b/Assistant/Threads/PairListener.hs
index 09fd9513d..93eef65ba 100644
--- a/Assistant/Threads/PairListener.hs
+++ b/Assistant/Threads/PairListener.hs
@@ -22,6 +22,7 @@ import Utility.Tense
import Network.Multicast
import Network.Socket
import qualified Data.Text as T
+import Data.Char
thisThread :: ThreadName
thisThread = "PairListener"
@@ -36,16 +37,18 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
go sock cache = getmsg sock [] >>= \msg -> case readish msg of
Nothing -> go sock cache
Just m -> do
+ sane <- checkSane msg
(pip, verified) <- verificationCheck m
=<< (pairingInProgress <$> getDaemonStatus dstatus)
- case pairMsgStage m of
- PairReq -> do
+ case (sane, pairMsgStage m) of
+ (False, _) -> go sock cache
+ (_, PairReq) -> do
pairReqReceived verified dstatus urlrenderer m
go sock $ invalidateCache m cache
- PairAck -> do
+ (_, PairAck) -> do
pairAckReceived verified pip st dstatus scanremotes m cache
>>= go sock
- PairDone -> do
+ (_, PairDone) -> do
pairDoneReceived verified pip st dstatus scanremotes m
go sock cache
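Review bot: In `go`, `verificationCheck m` still runs for a message that `checkSane` has already rejected, because `sane` is only consulted in the `case` that follows. The part of `verificationCheck` visible further down has a branch returning `(Nothing, False)` for bogus messages; if that branch also touches the in-progress pairing (its full body is not on this page, so this needs confirming), a message that is about to be dropped would still trigger it. Testing sanity first keeps rejected input away from any state: after `sane <- checkSane msg`, use `if not sane then go sock cache else do ...` and let the `case` match on `pairMsgStage m` alone again. `pairListenerThread`, which encloses `go`, starts and ends outside this hunk.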
@@ -53,7 +56,8 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
- check its UUID against the UUID we have stored. If
- they're the same, someone is sending bogus messages,
- which could be an attempt to brute force the shared
- - secret. -}
+ - secret.
+ -}
verificationCheck m (Just pip) = do
let verified = verifiedPairMsg m pip
let sameuuid = pairUUID (inProgressPairData pip) == pairUUID (pairMsgData $ m)
@@ -65,6 +69,16 @@ pairListenerThread st dstatus scanremotes urlrenderer = thread $ withSocketsDo $
return (Nothing, False)
else return (Just pip, verified && sameuuid)
verificationCheck _ Nothing = return (Nothing, False)
+
+ {- Various sanity checks on the content of the message. -}
+ checkSane msg
+ {- Control characters could be used in a
+ - console poisoning attack. -}
+ | any isControl msg || any (`elem` "\r\n") msg = do
+ runThreadState st $
+ warning "illegal control characters in pairing message; ignoring"
+ return False
+ | otherwise = return True
{- PairReqs invalidate the cache of recently finished pairings.
- This is so that, if a new pairing is started with the
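Review bot: `checkSane` tests the raw `msg`, while the values later shown to the user come from `readish msg`; if `readish` parses with `Read` (its definition is not on this page), a backslash escape inside a string literal carries no control character on the wire and only turns into one after parsing, so it would pass this guard. Applying `any isControl` to the decoded string fields of the parsed message as well would close that gap. The second disjunct, the `elem` test against "\r\n", is redundant since `isControl` is already true for both characters, so the guard can read `| any isControl msg = do`. `isControl` also leaves out format characters such as bidirectional overrides, which is worth a line in the comment if they are meant to be allowed. `checkSane` is a local binding of `pairListenerThread`, which starts outside this hunk.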