48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
Subject: Prevent some forms of Cross Protocol Scripting attacks
|
|
Author: Andreas Fritiofson <andreas.fritiofson@gmail.com>
|
|
Origin: other, http://openocd.zylin.com/#/c/4335/
|
|
Bug-Debian: https://bugs.debian.org/887488
|
|
Last-Update: 2018-01-18
|
|
|
|
From 3a223ca3ebc7ac24d7726a0cd58e5695bc813657 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Fritiofson <andreas.fritiofson@gmail.com>
|
|
Date: Sat, 13 Jan 2018 21:00:47 +0100
|
|
Subject: [PATCH] CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks
|
|
|
|
OpenOCD can be targeted by a Cross Protocol Scripting attack from
|
|
a web browser running malicious code, such as the following PoC:
|
|
|
|
var x = new XMLHttpRequest();
|
|
x.open("POST", "http://127.0.0.1:4444", true);
|
|
x.send("exec xcalc\r\n");
|
|
|
|
This mitigation should provide some protection from browser-based
|
|
attacks and is based on the corresponding fix in Redis:
|
|
|
|
https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
|
|
|
|
Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
|
|
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
|
|
Reported-by: Josef Gajdusek <atx@atx.name>
|
|
---
|
|
|
|
diff --git a/src/server/startup.tcl b/src/server/startup.tcl
|
|
index 64ace40..dd1b31e 100644
|
|
--- a/src/server/startup.tcl
|
|
+++ b/src/server/startup.tcl
|
|
@@ -8,3 +8,14 @@
|
|
# one target
|
|
reset halt
|
|
}
|
|
+
|
|
+proc prevent_cps {} {
|
|
+ echo "Possible SECURITY ATTACK detected."
|
|
+ echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
|
|
+ echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
|
|
+ echo "to compromise your OpenOCD instance. Connection aborted."
|
|
+ exit
|
|
+}
|
|
+
|
|
+proc POST {args} { prevent_cps }
|
|
+proc Host: {args} { prevent_cps }
|