From owner-svn-src-head@freebsd.org Sat Jun 10 16:30:59 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 859EDBF145B; Sat, 10 Jun 2017 16:30:59 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-wr0-f170.google.com (mail-wr0-f170.google.com [209.85.128.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 246FF7E92F; Sat, 10 Jun 2017 16:30:58 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-wr0-f170.google.com with SMTP id v111so58911162wrc.3; Sat, 10 Jun 2017 09:30:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=0jeA36kfyMhRUdChIaJAzQk4rivJ0viHUI8bo+hp7RE=; b=aNGmv7tL+C+iGgb87KbnOqDkqNZjniS3pTQS/bMi5XnkRYeyVd39UrP7PUtg+/RDTK rwBAjwYJYtkd/iyF6Jo+A99rAGrEJ7gTy+gI6BmKRgGpiKku/GIC1dwcT0EJPrLuQwrI Yzawyl/T/FjFhunOHgH/2Vc9jq3m16bNTvWeIBVp5cqQ3UI5MmIKt3Xl9JCmpkfSZQdH ZO5bZF8EWR/Pd5aE5DrnOrdQK/WXg7qscbfKgtcr6qBmeI8pzFXgjtlSbqJMTRCDgsFS gswSkucvAdgB1pMgL/3NRMphOTjJI/G4NvdBUodgrSZU9jPlOZ4XNI5chdqUH8L3sZf/ 389w== X-Gm-Message-State: AODbwcCi0my3wAAPZhLoqVD/gf5WIQleeoi4UMgKwedNZLSJSVac7Rta /953kva3M9rQTddntrY= X-Received: by 10.223.139.210 with SMTP id w18mr2648037wra.19.1497110787600; Sat, 10 Jun 2017 09:06:27 -0700 (PDT) Received: from mail-wr0-f170.google.com (mail-wr0-f170.google.com. [209.85.128.170]) by smtp.gmail.com with ESMTPSA id e24sm7921019wre.54.2017.06.10.09.06.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 10 Jun 2017 09:06:27 -0700 (PDT) Received: by mail-wr0-f170.google.com with SMTP id g76so58325494wrd.1; Sat, 10 Jun 2017 09:06:27 -0700 (PDT) X-Received: by 10.80.191.76 with SMTP id g12mr23204219edk.12.1497110787325; Sat, 10 Jun 2017 09:06:27 -0700 (PDT) MIME-Version: 1.0 Reply-To: cem@freebsd.org Received: by 10.80.164.154 with HTTP; Sat, 10 Jun 2017 09:06:26 -0700 (PDT) In-Reply-To: <201706020235.v522ZGeC076100@repo.freebsd.org> References: <201706020235.v522ZGeC076100@repo.freebsd.org> From: Conrad Meyer Date: Sat, 10 Jun 2017 09:06:26 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r319487 - head/usr.sbin/bhyve To: Marcelo Araujo Cc: src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jun 2017 16:30:59 -0000 Hi, See inline comments below. On Thu, Jun 1, 2017 at 7:35 PM, Marcelo Araujo wrote: > Author: araujo > Date: Fri Jun 2 02:35:16 2017 > New Revision: 319487 > URL: https://svnweb.freebsd.org/changeset/base/319487 > > Log: > Add VNC Authentication support based on RFC6143 section 7.2.2. > > ... > > Modified: head/usr.sbin/bhyve/rfb.c > ============================================================================== > --- head/usr.sbin/bhyve/rfb.c Fri Jun 2 01:00:40 2017 (r319486) > +++ head/usr.sbin/bhyve/rfb.c Fri Jun 2 02:35:16 2017 (r319487) > ... > @@ -739,8 +754,19 @@ rfb_handle(struct rfb_softc *rc, int cfd) > { > const char *vbuf = "RFB 003.008\n"; > unsigned char buf[80]; > + unsigned char *message; > + > +#ifndef NO_OPENSSL > + unsigned char challenge[AUTH_LENGTH]; > + unsigned char keystr[PASSWD_LENGTH]; Here, keystr is not zero initialized. > + unsigned char crypt_expected[AUTH_LENGTH]; > + > + DES_key_schedule ks; > + int i; > +#endif > + > pthread_t tid; > - uint32_t sres; > + uint32_t sres; > int len; > > rc->cfd = cfd; > @@ -751,19 +777,91 @@ rfb_handle(struct rfb_softc *rc, int cfd) > ... > + case SECURITY_TYPE_VNC_AUTH: > + /* > + * The client encrypts the challenge with DES, using a password > + * supplied by the user as the key. > + * To form the key, the password is truncated to > + * eight characters, or padded with null bytes on the right. Note that strncpy below does not fill the remainder of the buffer with nuls if rc->password is shorter than 7 characters. > + * The client then sends the resulting 16-bytes response. > + */ > +#ifndef NO_OPENSSL > + strncpy(keystr, rc->password, PASSWD_LENGTH); > + > + /* VNC clients encrypts the challenge with all the bit fields > + * in each byte of the password mirrored. > + * Here we flip each byte of the keystr. > + */ > + for (i = 0; i < PASSWD_LENGTH; i++) { > + keystr[i] = (keystr[i] & 0xF0) >> 4 > + | (keystr[i] & 0x0F) << 4; > + keystr[i] = (keystr[i] & 0xCC) >> 2 > + | (keystr[i] & 0x33) << 2; > + keystr[i] = (keystr[i] & 0xAA) >> 1 > + | (keystr[i] & 0x55) << 1; > + } Above is the first place stack garbage in keystr is accessed if rc->password was shorter than 7 characters. > + > ... > + /* Encrypt the Challenge with DES */ > + DES_set_key((C_Block *)keystr, &ks); Stack garbage in keystr is used as a DES block here. > + DES_ecb_encrypt((C_Block *)challenge, > + (C_Block *)crypt_expected, &ks, DES_ENCRYPT); > + DES_ecb_encrypt((C_Block *)(challenge + PASSWD_LENGTH), > + (C_Block *)(crypt_expected + PASSWD_LENGTH), > + &ks, DES_ENCRYPT); > + > + if (memcmp(crypt_expected, buf, AUTH_LENGTH) != 0) { > + message = "Auth Failed: Invalid Password."; > + sres = htonl(1); > + } else > + sres = 0; > +#else > + sres = 0; > + WPRINTF(("Auth not supported, no OpenSSL in your system")); > +#endif > + > + break; > + } > + > ... I'd suggest zero initializing keystr. I noticed this while investigating Coverity CID 1375945, which is sort of a false positive. It did helpfully point out the broken transition from C string to fixed-length buffer, though. Best, Conrad