One Article Review
| Source |  ProjectZero |
|---|---|
| Identifiant | 8221939 |
| Date de publication | 2021-12-01 14:27:11 (vue: 2022-11-25 18:05:33) |
| Titre | This shouldn\'t have happened: A vulnerability postmortem |
| Texte | Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about this vulnerability is just how simple it is. This should have been caught earlier, and I want to explore why that didn’t happen. In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”. First, let’s take a look at the bug, I’ll explain how I found it and then try to understand why we missed it for so long. Analysis Network Security Services (NSS) is Mozilla's widely used, cross-platform cryptography library. When you verify an ASN.1 encoded digital signature, NSS will create a VFYContext structure to store the necessary data. This includes things like the public key, the hash algorithm, and the signature itself. struct VFYContextStr { SECOidTag hashAlg; /* the hash algorithm */ SECKEYPublicKey *key; union { unsigned char buffer[1]; unsigned char dsasig[DSA_MAX_SIGNATURE_LEN]; unsigned char ecdsasig[2 * MAX_ECKEY_LEN]; unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8]; } u; unsigned int pkcs1RSADigestInfoLen; unsigned ch |
| Envoyé | Oui |
| Condensat | #include &buf &pool /* a and arbitrary b bytes case rsapsskey: char **argv char *dest cmd getchar in int llvmfuzzertestoneinput invest in is memset port portcheaparenapool rv secitem siglen size sizeof buf that’s the unsigned char buffer unsigned char dsasig unsigned char ecdsasig unsigned char rsasig which * dispatch *data /cn=bigsig 000 10000 128 16384 17th 2003 2008 2012 2014 2015 2017 2021 2048 215 224 43527 509 777 ; = eof = getchar >data >len >u is a’s able about above accommodate actual added and adjacent affects after alg algorithm algorithm; algorithms all all; also alternative always analysis analyze analyzers answer any apis appears to approaches arbitrary are areas arena around asan asan builds asn asn1 assistance attack attacker auto tpl available backport bad bar based baz because been before being benjamin bigger bigsig bits bits:$ blob blobs block blog boringssl both bounds bounties buf buffer bug bugs but bytes bytes placed c/c++ call calling can cannot capable case castunsigned char *> castunsigned int> catchy caught causing cer cert certificate certificates change changes check checked checking checksums choice chosen chrome chunks chunksize class clobbered cmd code code for colleagues combination combine combined come command command bar is commands common complex complicated component components consider const const uint8 constructed containing contains contributed controlled copied corpus correctly corruption could couldn’t coverage coverage when coverity create created creates credits cross cryptography curious customized cve data david debatable december default demonstrate demonstrates der design dest destroycheaparena destroying detect detecting did didn’t difficulty digital discarded discards discards objects discover discovered discovering discussion dispatch distilled distributes divided does doing dsa during each earlier easiest easily easy ecc eckey edge elf enc encoded encoding end engaged enough entrypoint error errors even eventually everything example exceed execution exercises experimenting explain exploitable explore extending extensive extensively extern extract extracted extremely extremes fact fail failed fails failure fast fatal fault fig files fill find fine firefox first fixed flow foo form format formed der fortune found from function future fuzz fuzzed fuzzer fuzzers fuzzes fuzzing fuzzing approach garbage generally generate generates genpkey getchar good google guided had hadn’t handle handler handlers handshake happen happened: happens hardcoded certificates has hash hashes hashobj hashobj member have helped here hidden highlight how i’ll i’m i’ve idea ideas if immediate immediately impact implementation impressive in with included includes independent independently individual infrastructure initcheaparena input inputs insert instrumentation int int a int argc int cmd; int main integers integrated interesting intra introduction involved isn’t isolate isolation issue it’s items itself june just keep key key are keygen keys kilobytes large larger largest latter layered learned least len length lessons let’s libfuzzer libraries library like likely limit limitations limited limits long longer look lot made maintained make many match mature max maximum measuring member members memcpy memory messages method methods metrics might minimal minimization misleading missed missing mistakes moderately modular library modulus monitoring more most mozilla mozilla/chrome/oss mozilla::pkix multiple must mutator mutator collection naive name necessary need negotiation neither network never new nightly no |
| Tags | Vulnerability Guideline |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.