Injection attack mitigation

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 7 16:19 [raw]

Does bitmessage have any countermeasures to prevent sqlite and code injection attacks from incoming objects and message content? Are there any avenues of potential injection in the negotiation of TLS connections?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 7 16:30 [raw]

I don't think "countermeasures" is the right term here, because those are problems that can't occur if the data is handled properly. With sqlite, that's mitigated by using prepared statements, since binding values to those, whether text or blobs, requires you to specify the length in bytes, and the statement as such is precompiled and static, i.e. invalid data can't change the statement executed. And even if you get the length wrong, sqlite might try to read a BLOB, i.e. data it doesn't look at other than to store it, from invalid memory, which would just mean the sqlite database then contains garbage or crashes with memory access violations. But using prepared statements it's basically impossible to perform sql injection (given there aren't bugs in sqlite itself, which isn't part of BitMessage's scope). For TLS connections... There's no relation to the sqlite database (peer lists and anything else that is related to the connection process is separate from the database), and anything else would be caused by bugs in the used SSL library, which is also out of scope of this project.
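As an added illustration of the prepared-statement point above (example code, not PyBitmessage's own; the table layout and sample message are constructed): the same INSERT written with string formatting and with bound parameters in Python's sqlite3 module. The bound version stores a subject full of SQL metacharacters and a binary body verbatim, because the statement text is compiled once and the values are passed as length-delimited data that sqlite never parses.

```python
import sqlite3

# Constructed sample input: a subject with SQL metacharacters and a
# binary body containing NUL and non-UTF-8 bytes.
SUBJECT = "Re: it's done'; DROP TABLE inbox; --"
BODY = b"\x00\x01 binary body \x00\xff"


def open_db():
    # Assumed minimal schema; PyBitmessage's real tables differ.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inbox (subject TEXT, message BLOB)")
    return conn


def store_formatted(conn, subject, body):
    """Unsafe: the values become part of the SQL text, so the quote
    inside the subject terminates the literal and whatever follows is
    parsed as SQL rather than stored as data."""
    conn.execute("INSERT INTO inbox VALUES ('%s', '%s')" % (subject, body))


def store_bound(conn, subject, body):
    """Safe: the statement is compiled with placeholders; subject and
    body are bound as length-delimited text and blob values."""
    conn.execute("INSERT INTO inbox VALUES (?, ?)", (subject, body))


def roundtrip_bound():
    """Store via binding and read back; returns (subject, body) and
    the table is still present, since the DROP text was inert data."""
    conn = open_db()
    store_bound(conn, SUBJECT, BODY)
    row = conn.execute("SELECT subject, message FROM inbox").fetchone()
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    return row, tables


def formatted_insert_fails():
    """True when the formatted INSERT cannot even be prepared: the
    injected quote breaks the statement, so sqlite rejects it."""
    conn = open_db()
    try:
        store_formatted(conn, SUBJECT, BODY)
    except sqlite3.Error:
        return True
    return False
```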


BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 16:59 [raw]

> Does bitmessage have any countermeasures to prevent sqlite and code
> injection attacks from incoming objects and message content?

Like the other guy said, SQL injection attacks are mitigated by using prepared statements. That still leaves open the possibility of bugs in sqlite libraries but I can't do much about it. For official binary releases I always use the latest python version (Windows build from source) and let homebrew take care of upgrades on OSX.

Regarding message content, prior to extended encoding there was basically UTF-8 subject and body and that's it. The message view frame uses a very restricted environment with most fancy functionality disabled, it does not have network protocol handlers, and the HTML parser has a tag whitelist. Extended encoding increases that attack surface as it uses zlib and msgpack. There is now a size limit for decoding to protect against compression ratio bombs. There appear to be some bugs that trigger an exception in the decoding of such objects, causing the object processor thread to die, so you could have a DoS. I'll wrap this around another exception handler. But once it's decoded, at the moment it still only supports the same data types as the previous encodings. Even if there is extra data, it's ignored as there's nowhere to save it or to display it. It would just hang around in memory for a while until it's garbage-collected. This may change in the future but I'll try to extend the functionality conservatively, and the extended encoding code is separated into its own classes, so it's easier to debug and audit.

> Are there any avenues of potential injection in the negotiation of
> TLS connections?

I'm not a TLS expert so I guess it depends on the TLS library which python is linked against. Bitmessage only supports TLS 1.0 or later, so many of the older attacks don't work at all. As far as I know the only known SSL vulnerability publicised throughout the last couple of years that would have affected PyBitmessage was heartbleed as the heartbeat extension can't be turned off in runtime. I want to add node authentication in the near future to mitigate active MiTM. Even so, I'm not sure how much data an attacker can inject into TLS. I reworked the bitmessage protocol parser from scratch over the last year, and based on advice it now drops a connection if there is a decoding error (in the past, it kept skipping over faulty data hoping it can synchronise later). This should mitigate injection attacks that can't inject 100% accurate content. For official binary releases, on Windows I manually edit the python build scripts to include the latest OpenSSL version it supports. For OSX homebrew takes care of upgrades.

Peter Surda
Bitmessage core developer
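The decoding size limit against compression ratio bombs and the extra exception handler around object decoding, as an added example that is not PyBitmessage's own code: a zlib helper that refuses to inflate past a cap (the 1 MiB value and all names are assumptions) and a processing loop that drops an oversized, corrupt or truncated object and carries on instead of letting the processor thread die. The sample objects are constructed inline.

```python
import zlib

# Assumed cap on decompressed size; PyBitmessage's actual limit may differ.
MAX_DECOMPRESSED_BYTES = 1024 * 1024


class DecompressionSizeException(Exception):
    """Raised when a payload would inflate beyond the configured cap."""


def decompress_capped(data, limit=MAX_DECOMPRESSED_BYTES):
    """Inflate `data` without ever producing more than limit + 1 bytes.

    Asking zlib for at most limit + 1 bytes detects an oversized
    stream after a single extra byte, so a ratio bomb is rejected
    without its full output ever being materialised.
    """
    d = zlib.decompressobj()
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise DecompressionSizeException(
            "payload inflates beyond %d bytes" % limit)
    if not d.eof:
        # Input ran out before the zlib stream ended: truncated/corrupt.
        raise ValueError("truncated zlib stream")
    return out


def process_objects(payloads):
    """Decode each payload; a bad one is dropped and the loop continues.

    Returns (decoded_bodies, dropped_count).
    """
    decoded, dropped = [], 0
    for payload in payloads:
        try:
            decoded.append(decompress_capped(payload))
        except (zlib.error, ValueError, DecompressionSizeException):
            # The outer handler the post describes: skip the object
            # rather than letting the exception kill the thread.
            dropped += 1
    return decoded, dropped


# Constructed sample objects: a normal message, a ratio bomb (a few
# KB that inflate to 4 MiB) and bytes with an invalid deflate block.
GOOD = zlib.compress(b"subject: hello\nbody: a normal message")
BOMB = zlib.compress(b"\x00" * (4 * 1024 * 1024))
CORRUPT = b"\x78\x9c\xff\xff\xff"
```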

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 17:06 [raw]

> Even so, I'm not sure how much data an attacker can inject into TLS.
> I reworked the bitmessage protocol parser from scratch over the last
> year, and based on advice it now drops a connection if there is a
> decoding error (in the past, it kept skipping over faulty data
> hoping it can synchronise later). This should mitigate injection
> attacks that can't inject a 100% accurate content.

I forgot to write that all protocol messages contain a checksum, which makes it even harder to inject a valid message.

Peter Surda
Bitmessage core developer

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 13 16:47 [raw]

https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 13 16:52 [raw]

> https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

The bug referenced here does not allow to inject a message into a TLS connection.

Peter Surda
Bitmessage core developer
