Verify HMAC of invirt-vnc token before unpickling anything.

author Joshua Oreman <oremanj@rwcr.net>

Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)

committer Joshua Oreman <oremanj@rwcr.net>

Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)
author Joshua Oreman <oremanj@rwcr.net>
Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)
committer Joshua Oreman <oremanj@rwcr.net>
Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)
diff --git a/debian/changelog b/debian/changelog

index 1cbcba0..435adf2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+invirt-vnc-server (0.0.11) unstable; urgency=low
+
+  * Verify HMAC of invirt-vnc token before unpickling anything.
+    Thanks to Nelson Elhage for the report.
+
+ -- Joshua Oreman <oremanj@mit.edu>  Mon, 14 Mar 2011 23:49:06 -0400
+
  invirt-vnc-server (0.0.10) unstable; urgency=low
  
    * Add missing dependency on python-openssl.
  invirt-vnc-server (0.0.10) unstable; urgency=low
  
    * Add missing dependency on python-openssl.
diff --git a/invirt-vnc-authtoken b/invirt-vnc-authtoken

index a173f46..4600afb 100755 (executable)
--- a/invirt-vnc-authtoken
+++ b/invirt-vnc-authtoken
@@ -24,9 +24,7 @@ def getAuthToken(username, machine, lifetime=5*60):
      pickled_data = cPickle.dumps(data)
      m = hmac.new(getTokenKey(), digestmod=sha)
      m.update(pickled_data)
      pickled_data = cPickle.dumps(data)
      m = hmac.new(getTokenKey(), digestmod=sha)
      m.update(pickled_data)
-    token = {'data': pickled_data, 'digest': m.digest()}
-    token = cPickle.dumps(token)
-    token = base64.urlsafe_b64encode(token)
+    token = ".".join(map(base64.urlsafe_b64encode, (pickled_data, m.digest())))
      return token
  
  def main():
      return token
  
  def main():
diff --git a/python/vnc/extauth.py b/python/vnc/extauth.py

index a01a858..12176ca 100644 (file)
--- a/python/vnc/extauth.py
+++ b/python/vnc/extauth.py
@@ -65,11 +65,10 @@ class VNCAuth(protocol.Protocol):
      def validateToken(self, token):
          self.auth_error = "Invalid token"
          try:
      def validateToken(self, token):
          self.auth_error = "Invalid token"
          try:
-            token = base64.urlsafe_b64decode(token)
-            token = cPickle.loads(token)
+            (pickled_data, digest) = map(base64.urlsafe_b64decode, token.split("."))
              m = hmac.new(getTokenKey(), digestmod=sha)
              m = hmac.new(getTokenKey(), digestmod=sha)
-            m.update(token['data'])
-            if (m.digest() == token['digest']):
+            m.update(pickled_data)
+            if (m.digest() == digest):
                  data = cPickle.loads(token['data'])
                  expires = data["expires"]
                  if (time.time() < expires):
                  data = cPickle.loads(token['data'])
                  expires = data["expires"]
                  if (time.time() < expires):
@@ -79,7 +78,7 @@ class VNCAuth(protocol.Protocol):
                      self.auth_data = data
                  else:
                      self.auth_error = "Token has expired; please try logging in again"
                      self.auth_data = data
                  else:
                      self.auth_error = "Token has expired; please try logging in again"
-        except (TypeError, cPickle.UnpicklingError):
+        except (TypeError, ValueError, cPickle.UnpickleError):
              self.auth = None            
              print sys.exc_info()
  
              self.auth = None            
              print sys.exc_info()
author	Joshua Oreman <oremanj@rwcr.net>
	Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)
committer	Joshua Oreman <oremanj@rwcr.net>
	Tue, 15 Mar 2011 03:50:14 +0000 (23:50 -0400)
debian/changelog		patch \| blob \| history
invirt-vnc-authtoken		patch \| blob \| history
python/vnc/extauth.py		patch \| blob \| history