simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sat Apr 1 16:12:57 BST 2023
TL;DR:
dff4bd4d Improve error reporting from x11_verify().
8e7e3c59 Improve time-safety of XDM-AUTHORIZATION-1 validation.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2023-04-01 16:12:57
commit dff4bd4d14c4c2abbfa689f9a8f0cd876db5dcc7
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=dff4bd4d14c4c2abbfa689f9a8f0cd876db5dcc7;hp=cedeb75d59ce0c4b5b18270dbada6976ba07d7b1
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Apr 1 15:53:29 2023 +0100
Improve error reporting from x11_verify().
Now the return value is a dynamically allocated string instead of a
static one, which means that the error message can include details
taken from the specific failing connection. In particular, if someone
requests an X11 authorisation protocol we don't support, we can print
its name as part of the message, which may help users debug the
problem.
One particularly important special case of this is that if the client
connection presents _no_ authorisation - which is surely by far the
most likely thing to happen by accident, e.g. if the auth file has
gone missing, or the hostname doesn't match for some reason - then we
now give a specific message "No authorisation provided", which I think
is considerably more helpful than just lumping that very common case
in with "Unsupported authorisation protocol". Even changing the latter
to "Unsupported authorisation protocol ''" is still not very sensible.
The problem in that case is not that the user has tried an exotic auth
protocol we've never heard of - it's that they've forgotten, or
failed, to provide one at all.
The error message for "XDM-AUTHORIZATION-1 data was wrong length" is
the other modified one: it now says what the wrong length _was_.
However, all other failures of X-A-1 are still kept deliberately
vague, because saying which part of the decrypted string didn't match
is an obvious information leak.
ssh/x11fwd.c | 65 +++++++++++++++++++++++++++++++++++++++---------------------
1 file changed, 42 insertions(+), 23 deletions(-)
commit 8e7e3c59448013be44b8cba2b7f89a894ee34113
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=8e7e3c59448013be44b8cba2b7f89a894ee34113;hp=dff4bd4d14c4c2abbfa689f9a8f0cd876db5dcc7
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Apr 1 16:07:29 2023 +0100
Improve time-safety of XDM-AUTHORIZATION-1 validation.
While writing the previous patch, I realise that walking along a
decrypted string and stopping to complain about the first mismatch you
find is an anti-pattern. If we're going to deliberately give the same
error message for various mismatches, so as not to give away which
part failed first, then we should also avoid giving away the same
information via a timing leak!
I don't think this is serious enough to warrant the full-on advisory
protocol, because XDM-AUTHORIZATION-1 is rarely used these days and
also DES-based, so there are bigger problems with it. (Plus, why on
earth is it based on encryption anyway, not a MAC?) But since I
spotted it in passing, might as well fix it.
ssh/x11fwd.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
More information about the tartarus-commits
mailing list