Blame fish-webconfig-CVE-2014-2914-followup-1.patch

commit 78e2b7cc0897de3eb2a8cdc0f5efe49a34402f9d
Author: Andy Lutomirski <luto@amacapital.net>
Date:   Mon Aug 11 17:50:56 2014 -0700
    webconfig: Use a constant-time token comparison
    
    This prevents a timing attack that could recover the auth token in linear time.
diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
index 2a103eb..452f771 100755
--- a/share/tools/web_config/webconfig.py
+++ b/share/tools/web_config/webconfig.py
@@ -471,6 +471,14 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
                 # Ignore unreadable files, etc
                 pass
         return result
+
+    def secure_startswith(self, haystack, needle):
+        if len(haystack) < len(needle):
+            return False
+        bits = 0
+        for x,y in zip(haystack, needle):
+            bits |= ord(x) ^ ord(y)
+        return bits == 0
         
     def font_size_for_ansi_prompt(self, prompt_demo_ansi):
         width = ansi_prompt_line_width(prompt_demo_ansi)
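Review bot: The hand-rolled loop in `secure_startswith` reimplements what the standard library already provides as `hmac.compare_digest` (available on Python 2.7.7+ and 3.3+), which is the audited constant-time primitive; after the length guard the body could be `return hmac.compare_digest(haystack[:len(needle)], needle)`, keeping the `ord(x) ^ ord(y)` loop only as a fallback where that function is missing. The method also has no docstring, and nothing in the hunk records why plain `str.startswith` is avoided, so a short one such as `"""Constant-time check that haystack begins with needle; used for the auth token so a mismatch does not short-circuit early."""` would stop a future cleanup from reverting it. Note that the early `return False` when the haystack is shorter reveals only the length of the request path, which the client supplies anyway, so it does not undermine the constant-time property of the comparison. The enclosing class continues outside the hunk.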
@@ -489,7 +497,7 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         p = self.path
 
         authpath = '/' + authkey
-        if p.startswith(authpath):
+        if self.secure_startswith(p, authpath):
             p = p[len(authpath):]
         else:
             return self.send_error(403)
@@ -528,7 +536,7 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         p = self.path
 
         authpath = '/' + authkey
-        if p.startswith(authpath):
+        if self.secure_startswith(p, authpath):
             p = p[len(authpath):]
         else:
             return self.send_error(403)