Code Review / openocd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 9de7d9c)
CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks 35/4335/3
authorAndreas Fritiofson <andreas.fritiofson@gmail.com>
Sat, 13 Jan 2018 20:00:47 +0000 (21:00 +0100)
committerPaul Fertser <fercerpav@gmail.com>
Fri, 22 Nov 2019 18:25:34 +0000 (18:25 +0000)
OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:

var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");

This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:

https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758

Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reported-by: Josef Gajdusek <atx@atx.name>
Reviewed-on: http://openocd.zylin.com/4335
Tested-by: jenkins
Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
src/server/startup.tcl patch | blob | history

diff --git a/src/server/startup.tcl b/src/server/startup.tcl
index 64ace40795e35a26033a8f6f69027f495a9e5cfc..dd1b31e417dd15942a3906dbf3b25a5734aa062e 100644 (file)
--- a/src/server/startup.tcl
+++ b/src/server/startup.tcl
@@ -8,3 +8,14 @@ proc ocd_gdb_restart {target_id} {
        # one target
        reset halt
 }
        # one target
        reset halt
 }
+
+proc prevent_cps {} {
+       echo "Possible SECURITY ATTACK detected."
+       echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
+       echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
+       echo "to compromise your OpenOCD instance. Connection aborted."
+       exit
+}
+
+proc POST {args} { prevent_cps }
+proc Host: {args} { prevent_cps }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)