Injection attack mitigation

[chan] bitmessage
Feb 7 16:19 [raw]

Does bitmessage have any countermeasures to prevent sqlite and code injection attacks from incoming objects and message content? Are there any avenues of potential injection in the negotiation of TLS connections?

[chan] bitmessage
Feb 7 16:30 [raw]

I don't think "countermeasures" is the right term here, because those are problems that can't occur if the data is handled properly. With sqlite, that's mitigated by using prepared statements, since binding values to those, whether text or blobs, requires you to specify the length in bytes, and the statement as such is precompiled and static, i.e. invalid data can't change the statement executed. And even if you get the length wrong, sqlite might try to read a BLOB, i.e. data it doesn't look at other than to store it, from invalid memory, which would just mean the sqlite database then contains garbage or crashes with memory access violations. But using prepared statements it's basically impossible to perform sql injection (given there aren't bugs in sqlite itself, which isn't part of BitMessage's scope). For TLS connections... There's no relation to the sqlite database (peer lists and anything else that is related to the connection process is separate from the database), and anything else would be caused by bugs in the used SSL library, which is also out of scope of this project.

[chan] bitmessage
Feb 7 16:38 [raw]

There's no relation to perform sql injection given there aren't bugs using prepared statements since binding values to the used SSL library, which would just mean the database then contains garbage or blobs, requires you to the sqlite database, then contains garbage or blobs, requires you to the sqlite, might try to store it, doesn't look at other than to those, are problems that is the right term here, because those are problems that is separate from the length in sqlite database, and even if the used SSL library, which is separate from the anything else that is handled properly. But using prepared statements, since binding values to the data is the used SSL library, which is related to the used SSL library, which is related to store it, doesn't look at other than to read a BLOB, data is handled properly. With sqlite might try to specify the statement as such is precompiled and the statement as such is precompiled and anything else that is related the length in the connection process is related to the length in the statement connection process is the right term here, because those, are problems that is handled properly: else that is separate from the right sqlite and the data is separate from the sqlite might try to those, are problems that is separate from the connection process is the length in the right length in the right term here, because those, are problems that is precompiled and anything else that is related to perform sql injection given there aren't bugs in the data can't occur if the right term here, because those, are problems that is related to perform sql injection in right term here, because those are problems that is precompiled and even if the static, anything else that is precompiled and the data is separate from the connection process is the used SSL library, which would just mean the connection process is handled properly.

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 16:59 [raw]

> Does bitmessage have any countermeasures to prevent sqlite and code
> injection attacks from incoming objects and message content?

Like the other guy said, SQL injection attacks are mitigated by using prepared statements. That still leaves open the possibility of bugs in sqlite libraries but I can't do much about it. For official binary releases I always use the latest python version (Windows build from source) and let homebrew take care of upgrades on OSX. Regarding message content, prior to extended encoding there was basically UTF-8 subject and body and that's it. The message view frame uses a very restricted environment with most fancy functionality disabled, it does not have network protocol handlers, and the HTML parser has a tag whitelist. Extended encoding increases that attack surface as it uses zlib and msgpack. There is now a size limit for decoding to protect against compression ratio bombs. There appear to be some bugs that trigger an exception in the decoding of such objects, causing the object processor thread to die, so you could have a DoS. I'll wrap this around another exception handler. But once it's decoded, at the moment it still only supports the same data types as the previous encodings. Even if there is extra data, it's ignored as there's nowhere to save it or to display it. It would just hang around in memory for a while until it's garbage-collected. This may change in the future but I'll try to extend the functionality conservatively, and the extended encoding code is separated into its own classes, so it's easier to debug and audit.

> Are there any avenues of potential injection in the negotiation of
> TLS connections?

I'm not a TLS expert so I guess it depends on the TLS library which python is linked against. Bitmessage only supports TLS 1.0 or later, so many of the older attacks don't work at all. As far as I know the only known SSL vulnerability publicised throughout the last couple of years that would have affected PyBitmessage was heartbleed as the heartbeat extension can't be turned off in runtime. I want to add node authentication in the near future to mitigate active MiTM. Even so, I'm not sure how much data an attacker can inject into TLS. I reworked the bitmessage protocol parser from scratch over the last year, and based on advice it now drops a connection if there is a decoding error (in the past, it kept skipping over faulty data hoping it can synchronise later). This should mitigate injection attacks that can't inject 100% accurate content. For official binary releases, on Windows I manually edit the python build scripts to include the latest OpenSSL version it supports. For OSX homebrew takes care of upgrades.

Peter Surda
Bitmessage core developer
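The reply above mentions a size limit on decoding to stop compression ratio bombs and a wrapper so a bad object cannot kill the object-processor thread. The following is an added illustration of both ideas, not PyBitmessage's own code; the 1 MiB cap and the sample payloads are constructed for this example.

```python
import zlib

# Assumed cap on inflated size for this example; the project's real limit is not shown here.
MAX_DECOMPRESSED = 1024 * 1024


class DecodingError(Exception):
    """The payload is discarded; the object is not processed further."""


def safe_decompress(payload: bytes, max_size: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate a zlib stream, refusing to emit more than max_size bytes.

    zlib.decompress() has no output bound, so a few KB of input can inflate
    to gigabytes. Decompress.decompress(data, max_length) stops early and
    parks the rest of the input in unconsumed_tail, so the bound is enforced
    before the memory is ever allocated.
    """
    inflater = zlib.decompressobj()
    try:
        out = inflater.decompress(payload, max_size + 1)
    except zlib.error as exc:                      # corrupt or hostile stream
        raise DecodingError("corrupt zlib stream: %s" % exc) from exc
    if len(out) > max_size or inflater.unconsumed_tail:
        raise DecodingError("inflated size exceeds %d bytes (ratio bomb?)" % max_size)
    if not inflater.eof:
        raise DecodingError("truncated zlib stream")
    return out


def decode_status(payload: bytes, max_size: int = MAX_DECOMPRESSED) -> str:
    """What an object-processor loop would do: never let one bad object
    raise out of the thread, just record why it was dropped."""
    try:
        safe_decompress(payload, max_size)
        return "ok"
    except DecodingError as exc:
        return "dropped: " + str(exc)


def ratio_bomb(inflated_size: int) -> bytes:
    """Constructed hostile input: a run of zeros compresses to a few KB."""
    return zlib.compress(b"\0" * inflated_size, 9)


def sample_message() -> bytes:
    """Constructed benign payload shaped like a compressed subject/body."""
    return zlib.compress(b"subject: hello\nbody: benign text")
```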

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 17:06 [raw]

> Even so, I'm not sure how much data an attacker can inject into TLS.
> I reworked the bitmessage protocol parser from scratch over the last
> year, and based on advice it now drops a connection if there is a
> decoding error (in the past, it kept skipping over faulty data
> hoping it can synchronise later). This should mitigate injection
> attacks that can't inject a 100% accurate content.

I forgot to write that all protocol messages contain a checksum, which makes it even harder to inject a valid message.

Peter Surda
Bitmessage core developer
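The two replies above describe the parser policy: every protocol message carries a checksum, and any decoding error drops the connection instead of scanning forward to resynchronise. Added example, not the project's parser: it frames messages with the Bitmessage wire header (magic, 12-byte command, payload length, first 4 bytes of SHA-512 of the payload) and applies that drop-on-error policy; the payload size cap and sample messages are constructed for this example.

```python
import hashlib
import struct

MAGIC = 0xE9BEB4D9                    # Bitmessage network magic
HEADER = struct.Struct(">I12sI4s")    # magic, command, payload length, checksum
MAX_PAYLOAD = 1600000                 # assumed cap for this example, not the project's value


class DecodingError(Exception):
    """Any framing or checksum failure; the caller drops the connection."""


def pack_message(command: bytes, payload: bytes) -> bytes:
    """Frame a payload; the checksum is the first 4 bytes of SHA-512(payload)."""
    checksum = hashlib.sha512(payload).digest()[:4]
    return HEADER.pack(MAGIC, command.ljust(12, b"\0"), len(payload), checksum) + payload


def parse_message(buf: bytes):
    """Return (command, payload, bytes_consumed), or None if more data is needed.

    Any inconsistency raises DecodingError rather than skipping ahead to the
    next magic, so corrupted or spliced bytes end the session instead of
    being given a second chance to line up with a valid frame.
    """
    if len(buf) < HEADER.size:
        return None
    magic, command, length, checksum = HEADER.unpack_from(buf)
    if magic != MAGIC:
        raise DecodingError("bad magic 0x%08x" % magic)
    if length > MAX_PAYLOAD:
        raise DecodingError("payload length %d exceeds limit" % length)
    end = HEADER.size + length
    if len(buf) < end:
        return None
    payload = buf[HEADER.size:end]
    if hashlib.sha512(payload).digest()[:4] != checksum:
        raise DecodingError("checksum mismatch")
    return command.rstrip(b"\0"), payload, end


def handle_chunk(buf: bytes):
    """Receive-loop policy: ('drop', reason) | ('wait', None) | ('message', cmd, payload)."""
    try:
        result = parse_message(buf)
    except DecodingError as exc:
        return ("drop", str(exc))
    if result is None:
        return ("wait", None)
    command, payload, _ = result
    return ("message", command, payload)
```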

[chan] bitmessage <<Ext>>
Feb 13 16:47 [raw]

https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 13 16:52 [raw]

> https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

The bug referenced here does not allow injecting a message into a TLS connection.

Peter Surda
Bitmessage core developer
