diff options
author | Joey Hess <joeyh@joeyh.name> | 2015-02-09 16:34:57 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2015-02-09 16:34:57 -0400 |
commit | df60c8197975496605b375ce93d3607dc843fe37 (patch) | |
tree | 270958a3c5621ed04f824e05f9cf438df1ee51d4 /Assistant | |
parent | 8d34737ac0693bb448f016f195d5082dc8e6d3df (diff) |
assistant: Improve sanity check for control characters when pairing.
Diffstat (limited to 'Assistant')
-rw-r--r-- | Assistant/Pairing.hs | 9 | ||||
-rw-r--r-- | Assistant/Threads/PairListener.hs | 21 |
2 files changed, 15 insertions, 15 deletions
diff --git a/Assistant/Pairing.hs b/Assistant/Pairing.hs index 492b98592..b24e5fdb6 100644 --- a/Assistant/Pairing.hs +++ b/Assistant/Pairing.hs @@ -58,6 +58,15 @@ data PairData = PairData } deriving (Eq, Read, Show) +checkSane :: PairData -> Bool +checkSane p = all (not . any isControl) + [ fromMaybe "" (remoteHostName p) + , remoteUserName p + , remoteDirectory p + , remoteSshPubKey p + , fromUUID (pairUUID p) + ] + type UserName = String {- A pairing that is in progress has a secret, a thread that is diff --git a/Assistant/Threads/PairListener.hs b/Assistant/Threads/PairListener.hs index a02b8b91a..e4f87494c 100644 --- a/Assistant/Threads/PairListener.hs +++ b/Assistant/Threads/PairListener.hs @@ -16,13 +16,11 @@ import Assistant.WebApp.Types import Assistant.Alert import Assistant.DaemonStatus import Utility.ThreadScheduler -import Utility.Format import Git import Network.Multicast import Network.Socket import qualified Data.Text as T -import Data.Char pairListenerThread :: UrlRenderer -> NamedThread pairListenerThread urlrenderer = namedThread "PairListener" $ do @@ -39,16 +37,18 @@ pairListenerThread urlrenderer = namedThread "PairListener" $ do Nothing -> go reqs cache sock Just m -> do debug ["received", show msg] - sane <- checkSane msg (pip, verified) <- verificationCheck m =<< (pairingInProgress <$> getDaemonStatus) let wrongstage = maybe False (\p -> pairMsgStage m <= inProgressPairStage p) pip let fromus = maybe False (\p -> remoteSshPubKey (pairMsgData m) == remoteSshPubKey (inProgressPairData p)) pip - case (wrongstage, fromus, sane, pairMsgStage m) of + case (wrongstage, fromus, checkSane (pairMsgData m), pairMsgStage m) of (_, True, _, _) -> do debug ["ignoring message that looped back"] go reqs cache sock - (_, _, False, _) -> go reqs cache sock + (_, _, False, _) -> do + liftAnnex $ warning + "illegal control characters in pairing message; ignoring" + go reqs cache sock -- PairReq starts a pairing process, so a -- new one is always heeded, even if -- some other pairing is in process. @@ -83,19 +83,10 @@ pairListenerThread urlrenderer = namedThread "PairListener" $ do "detected possible pairing brute force attempt; disabled pairing" stopSending pip return (Nothing, False) - |otherwise = return (Just pip, verified && sameuuid) + | otherwise = return (Just pip, verified && sameuuid) where verified = verifiedPairMsg m pip sameuuid = pairUUID (inProgressPairData pip) == pairUUID (pairMsgData m) - - checkSane msg - {- Control characters could be used in a - - console poisoning attack. -} - | any isControl (filter (/= '\n') (decode_c msg)) = do - liftAnnex $ warning - "illegal control characters in pairing message; ignoring" - return False - | otherwise = return True {- PairReqs invalidate the cache of recently finished pairings. - This is so that, if a new pairing is started with the |