Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

From: "Navarro, David" <david.navarro@xxxxxxxxx>
Date: Wed, 27 Apr 2016 09:03:46 +0000
Accept-language: en-US
Delivered-to: wakaama-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/wakaama-dev>
List-help: <mailto:wakaama-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/wakaama-dev>, <mailto:wakaama-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/wakaama-dev>, <mailto:wakaama-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdGf1wUlaYw+83KVQb2ibXyjSpNmOgAiyLEg
Thread-topic: Security Fix: PSK Keys Might Be Truncated

Hi Frank,

The psk string is always nil-terminated as it is initialized to 0 by the Linux kernel, the targeted platform for the example applications.

Please keep in mind this is example code, not production code. In a real product, do not base your Security Object on this code.

Regards,

David Navarro

From: wakaama-dev-bounces@xxxxxxxxxxx [mailto:wakaama-dev-bounces@xxxxxxxxxxx] On Behalf Of Frank Gerlach
Sent: Tuesday, 26 April, 2016 18:17
To: wakaama-dev@xxxxxxxxxxx
Subject: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

Hello all,

As mentioned in previous emails, the following code represents a security risk, because keys would be truncated at the first zero-valued octet.

Also, the behavior is UNDEFINED, when there is no zero after the the psk buffer.

Please fix.

Thanks

Frank Gerlach

--- a/examples/client/object_security.c

+++ b/examples/client/object_security.c

@@ -507,7 +507,10 @@ lwm2m_object_t * get_security_object(int serverId,

targetP->securityMode = LWM2M_SECURITY_MODE_PRE_SHARED_KEY;

targetP->publicIdentity = strdup(bsPskId);

targetP->publicIdLen = strlen(bsPskId);

- targetP->secretKey = strdup(psk);

+ targetP->secretKey = malloc(pskLen+1);

+ targetP->secretKey[pskLen]=0;//make sure some other dirty code does not crash

+ memcpy(targetP->secretKey,psk,pskLen);

+ //WRONG: targetP->secretKey = strdup(psk);

Frank Gerlach

Senior Software Engineer

Office: +375 17 389 0100 x 23178 Cell: +375 29 877 4976 Email: frank_gerlach@xxxxxxxx

Minsk, Belarus (GMT+3) epam.com

CONFIDENTIALITY CAUTION AND DISCLAIMER
This message is intended only for the use of the individual(s) or entity(ies) to which it is addressed and contains information that is legally privileged and confidential. If you are not the intended recipient, or the person responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. All unintended recipients are obliged to delete this message and destroy any printed copies.

---------------------------------------------------------------------
Intel Corporation SAS (French simplified joint stock company)
Registered headquarters: "Les Montalets"- 2, rue de Paris,
92196 Meudon Cedex, France
Registration Number: 302 456 199 R.C.S. NANTERRE
Capital: 4,572,000 Euros

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

References:
- [wakaama-dev] Security Fix: PSK Keys Might Be Truncated
  - From: Frank Gerlach

Prev by Date: [wakaama-dev] Potential Scalability Issues in Wakaama (linked lists)
Next by Date: Re: [wakaama-dev] Potential Scalability Issues in Wakaama (linked lists)
Previous by thread: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated
Next by thread: Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated
Index(es):
- Date
- Thread

Breadcrumbs