Injection attack mitigation

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 7 16:19

Does bitmessage have any countermeasures to prevent sqlite and code injection attacks from incoming objects and message content? Are there any avenues of potential injection in the negotiation of TLS connections?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 7 16:30

I don't think "countermeasures" is the right term here, because those are problems that can't occur if the data is handled properly. With sqlite, that's mitigated by using prepared statements, since binding values to those, whether text or blobs, requires you to specify the length in bytes, and the statement as such is precompiled and static, i.e. invalid data can't change the statement executed. And even if you get the length wrong, sqlite might try to read a BLOB, i.e. data it doesn't look at other than to store it, from invalid memory, which would just mean the sqlite database then contains garbage or crashes with memory access violations. But using prepared statements it's basically impossible to perform SQL injection (given there aren't bugs in sqlite itself, which isn't part of BitMessage's scope). For TLS connections... There's no relation to the sqlite database (peer lists and anything else that is related to the connection process is separate from the database), and anything else would be caused by bugs in the used SSL library, which is also out of scope of this project.
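
The point above about binding values versus building SQL text, shown as an added example (not PyBitmessage code) against a constructed in-memory sqlite3 table; the hostile-looking inputs are constructed test strings, and the only thing that differs between the two lookups is whether the subject is bound as a parameter:

```python
import sqlite3


def make_inbox() -> sqlite3.Connection:
    """Constructed in-memory table loosely modelled on a message store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inbox (msgid BLOB PRIMARY KEY, subject TEXT, body TEXT)")
    rows = [(b"\x01" * 32, "hello", "first"), (b"\x02" * 32, "it's private", "second")]
    # bytes bound as a BLOB: sqlite receives the exact length, no quoting involved
    conn.executemany("INSERT INTO inbox VALUES (?, ?, ?)", rows)
    return conn


def find_unsafe(conn: sqlite3.Connection, subject: str) -> list:
    # The caller-supplied subject becomes part of the SQL text itself.
    sql = "SELECT body FROM inbox WHERE subject = '%s'" % subject
    return [r[0] for r in conn.execute(sql)]


def find_safe(conn: sqlite3.Connection, subject: str) -> list:
    # Prepared statement: compiled with a placeholder, the value is attached
    # afterwards as data and cannot change which statement runs.
    sql = "SELECT body FROM inbox WHERE subject = ?"
    return [r[0] for r in conn.execute(sql, (subject,))]


def compare(subject: str) -> dict:
    """Run both variants on the same input; an 'error: ...' string records an exception."""
    conn = make_inbox()
    out = {}
    for name, fn in (("unsafe", find_unsafe), ("safe", find_safe)):
        try:
            out[name] = fn(conn, subject)
        except sqlite3.Error as e:
            out[name] = "error: %s" % e
    return out


if __name__ == "__main__":
    print(compare("hello"))          # both: ['first']
    print(compare("it's private"))   # unsafe: syntax error; safe: ['second']
    print(compare("' OR '1'='1"))    # unsafe: every body; safe: []
```

The apostrophe case matters as much as the hostile one: string formatting breaks on ordinary data, while binding handles both identically.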

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 16:59

> Does bitmessage have any countermeasures to prevent sqlite and code
> injection attacks from incoming objects and message content?

Like the other guy said, SQL injection attacks are mitigated by using prepared statements. That still leaves open the possibility of bugs in sqlite libraries but I can't do much about it. For official binary releases I always use the latest python version (Windows build from source) and let homebrew take care of upgrades on OSX. Regarding message content, prior to extended encoding there was basically UTF-8 subject and body and that's it. The message view frame uses a very restricted environment with most fancy functionality disabled, it does not have network protocol handlers, and the HTML parser has a tag whitelist. Extended encoding increases that attack surface as it uses zlib and msgpack. There is now a size limit for decoding to protect against compression ratio bombs. There appear to be some bugs that trigger an exception in the decoding of such objects, causing the object processor thread to die, so you could have a DoS. I'll wrap this around another exception handler. But once it's decoded, at the moment it still only supports the same data types as the previous encodings. Even if there is extra data, it's ignored as there's nowhere to save it or to display it. It would just hang around in memory for a while until it's garbage-collected. This may change in the future but I'll try to extend the functionality conservatively, and the extended encoding code is separated into its own classes, so it's easier to debug and audit.

> Are there any avenues of potential injection in the negotiation of
> TLS connections?

I'm not a TLS expert so I guess it depends on the TLS library which python is linked against. Bitmessage only supports TLS 1.0 or later, so many of the older attacks don't work at all. As far as I know the only known SSL vulnerability publicised throughout the last couple of years that would have affected PyBitmessage was heartbleed as the heartbeat extension can't be turned off in runtime. I want to add node authentication in the near future to mitigate active MiTM. Even so, I'm not sure how much data an attacker can inject into TLS. I reworked the bitmessage protocol parser from scratch over the last year, and based on advice it now drops a connection if there is a decoding error (in the past, it kept skipping over faulty data hoping it can synchronise later). This should mitigate injection attacks that can't inject a 100% accurate content. For official binary releases, on Windows I manually edit the python build scripts to include the latest OpenSSL version it supports. For OSX homebrew takes care of upgrades.

Peter Surda
Bitmessage core developer
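
An added example (not the extended-encoding classes from PyBitmessage) of the two defensive points in the post above: a decoded-size limit against compression ratio bombs, and a decoder that contains every failure so the calling processor loop keeps running and drops unknown fields. The 1 MiB limit is assumed, and json stands in for msgpack so the block runs with the standard library only; the inputs are constructed.

```python
import json
import zlib

MAX_DECODED = 1 << 20  # 1 MiB; assumed limit, not the value PyBitmessage uses
KNOWN_FIELDS = ("subject", "body")


class DecodeError(ValueError):
    pass


def decompress_bounded(data: bytes, limit: int = MAX_DECODED) -> bytes:
    """Inflate at most `limit` bytes; refuse any stream that would expand further."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit + 1)  # ask for one byte more than allowed
    if len(out) > limit:
        raise DecodeError("decoded size exceeds %d bytes" % limit)
    if not d.eof:
        raise DecodeError("truncated or malformed zlib stream")
    return out


def decode_extended(blob: bytes):
    """Return {subject, body} or None. Nothing here propagates to the caller,
    so a malformed object cannot take the processing thread down with it.
    json stands in for msgpack, which the real encoding uses."""
    try:
        obj = json.loads(decompress_bounded(blob).decode("utf-8"))
        if not isinstance(obj, dict):
            raise DecodeError("top-level object is not a map")
        # Unknown keys are dropped: nothing downstream stores or renders them.
        return {k: str(obj.get(k, "")) for k in KNOWN_FIELDS}
    except (ValueError, zlib.error):   # DecodeError and UnicodeDecodeError are ValueErrors
        return None


# Constructed inputs
GOOD = zlib.compress(json.dumps({"subject": "hi", "body": "ok", "extra": 1}).encode())
BOMB = zlib.compress(b"\x00" * (8 << 20))  # ~8 MiB of zeros packed into a few KiB
BROKEN = GOOD[:-3]                          # zlib trailer cut off
NOT_UTF8 = zlib.compress(b"\xff\xfe")

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BOMB", BOMB), ("BROKEN", BROKEN), ("NOT_UTF8", NOT_UTF8)):
        print(name, len(blob), "bytes ->", decode_extended(blob))
```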

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 17:06

> Even so, I'm not sure how much data an attacker can inject into TLS.
> I reworked the bitmessage protocol parser from scratch over the last
> year, and based on advice it now drops a connection if there is a
> decoding error (in the past, it kept skipping over faulty data
> hoping it can synchronise later). This should mitigate injection
> attacks that can't inject a 100% accurate content.

I forgot to write that all protocol messages contain a checksum, which makes it even harder to inject a valid message.

Peter Surda
Bitmessage core developer
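
The checksum and the drop-on-error behaviour from the two posts above, as an added example rather than PyBitmessage's own parser. It uses the header layout from the Bitmessage protocol specification (4-byte magic 0xE9BEB4D9, 12-byte command, 4-byte payload length, checksum = first 4 bytes of SHA512(payload)); the payload cap and the sample stream are assumed/constructed.

```python
import hashlib
import struct

MAGIC = 0xE9BEB4D9                  # Bitmessage network magic
HEADER = struct.Struct(">I12sII")   # magic, command, payload length, checksum
MAX_PAYLOAD = 1 << 20               # assumed cap, not a value from the thread


class ProtocolError(Exception):
    pass


def checksum(payload: bytes) -> int:
    """First four bytes of SHA512(payload), as the spec defines."""
    return struct.unpack(">I", hashlib.sha512(payload).digest()[:4])[0]


def build_message(command: str, payload: bytes) -> bytes:
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return HEADER.pack(MAGIC, cmd, len(payload), checksum(payload)) + payload


def parse_message(buf: bytes, offset: int = 0):
    """Return (command, payload, next_offset). Any inconsistency raises; the
    caller drops the connection instead of scanning ahead for the next magic."""
    if len(buf) - offset < HEADER.size:
        raise ProtocolError("short header")
    magic, cmd, length, cksum = HEADER.unpack_from(buf, offset)
    if magic != MAGIC:
        raise ProtocolError("bad magic")
    if length > MAX_PAYLOAD:
        raise ProtocolError("payload length %d over limit" % length)
    start = offset + HEADER.size
    payload = buf[start:start + length]
    if len(payload) != length:
        raise ProtocolError("short payload")
    if checksum(payload) != cksum:
        raise ProtocolError("checksum mismatch")
    return cmd.rstrip(b"\x00").decode("ascii"), payload, start + length


def read_stream(buf: bytes):
    """Parse back-to-back messages; stop at the first error (= connection drop)."""
    msgs, offset = [], 0
    while offset < len(buf):
        try:
            cmd, payload, offset = parse_message(buf, offset)
        except ProtocolError as e:
            return msgs, str(e)
        msgs.append((cmd, payload))
    return msgs, None


def flip_byte(buf: bytes, i: int) -> bytes:
    """Test helper: corrupt one byte so the checksum no longer matches."""
    return buf[:i] + bytes([buf[i] ^ 0x01]) + buf[i + 1:]


# Constructed sample stream: a verack followed by a ping with a small payload
STREAM = build_message("verack", b"") + build_message("ping", b"constructed")
```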

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 13 16:47

https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 13 16:52

> https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

The bug referenced here does not allow injecting a message into a TLS connection.

Peter Surda
Bitmessage core developer
