diff options
author | Andreas Fritiofson <andreas.fritiofson@gmail.com> | 2018-01-13 21:00:47 +0100 |
---|---|---|
committer | Paul Fertser <fercerpav@gmail.com> | 2019-11-22 18:25:34 +0000 |
commit | 6d54d905413243cc65687e30669a94037a14cbe6 (patch) | |
tree | 3ecfef5b88a1ab08bfa69baef754211574d197b2 /src/server | |
parent | 9de7d9c81d91a5cfc16a1476d558d92b08d7e596 (diff) | |
download | riscv-openocd-6d54d905413243cc65687e30669a94037a14cbe6.zip riscv-openocd-6d54d905413243cc65687e30669a94037a14cbe6.tar.gz riscv-openocd-6d54d905413243cc65687e30669a94037a14cbe6.tar.bz2 |
CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks
OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:
var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");
This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:
https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reported-by: Josef Gajdusek <atx@atx.name>
Reviewed-on: http://openocd.zylin.com/4335
Tested-by: jenkins
Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Diffstat (limited to 'src/server')
-rw-r--r-- | src/server/startup.tcl | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/server/startup.tcl b/src/server/startup.tcl index 64ace40..dd1b31e 100644 --- a/src/server/startup.tcl +++ b/src/server/startup.tcl @@ -8,3 +8,14 @@ proc ocd_gdb_restart {target_id} { # one target reset halt } + +proc prevent_cps {} { + echo "Possible SECURITY ATTACK detected." + echo "It looks like somebody is sending POST or Host: commands to OpenOCD." + echo "This is likely due to an attacker attempting to use Cross Protocol Scripting" + echo "to compromise your OpenOCD instance. Connection aborted." + exit +} + +proc POST {args} { prevent_cps } +proc Host: {args} { prevent_cps } |