Injection attack mitigation

[chan] bitmessage
Feb 7 16:19

Does bitmessage have any countermeasures to prevent sqlite and code injection attacks from incoming objects and message content? Are there any avenues of potential injection in the negotiation of TLS connections?

[chan] bitmessage
Feb 7 16:30

I don't think "countermeasures" is the right term here, because those are problems that can't occur if the data is handled properly. With sqlite, that's mitigated by using prepared statements, since binding values to those, whether text or blobs, requires you to specify the length in bytes, and the statement as such is precompiled and static, i.e. invalid data can't change the statement executed. And even if you get the length wrong, sqlite might try to read a BLOB, i.e. data it doesn't look at other than to store it, from invalid memory, which would just mean the sqlite database then contains garbage or crashes with memory access violations. But using prepared statements it's basically impossible to perform sql injection (given there aren't bugs in sqlite itself, which isn't part of BitMessage's scope). For TLS connections... There's no relation to the sqlite database (peer lists and anything else that is related to the connection process is separate from the database), and anything else would be caused by bugs in the used SSL library, which is also out of scope of this project.
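
The point above about prepared statements, as an added example that is not code from the thread or from PyBitmessage: the same hostile message body is stored once by splicing it into the SQL text and once by binding it as a parameter. The "inbox" table, its columns and the payload are constructed for this demonstration and are not the project's schema.

```python
import sqlite3

# Constructed sample input (not from the thread): the body of an incoming
# message carries an injection attempt. The "inbox" table and its columns are
# hypothetical and are not PyBitmessage's real schema.
EVIL_BODY = "x'); DELETE FROM inbox; --"


def make_db():
    """Fresh in-memory database with one pre-existing row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inbox (msgid BLOB, subject TEXT, body TEXT)")
    conn.execute("INSERT INTO inbox VALUES (X'01', 'existing', 'keep me')")
    conn.commit()
    return conn


def store_unsafe(conn, msgid, subject, body):
    """Vulnerable: attacker-controlled text is spliced into the SQL text, so the
    statement the engine runs depends on the data. executescript() is used so
    the second statement smuggled in by the payload actually executes."""
    sql = "INSERT INTO inbox VALUES (X'%s', '%s', '%s')" % (
        msgid.hex(), subject, body)
    conn.executescript(sql)


def store_safe(conn, msgid, subject, body):
    """Prepared statement: the SQL text is fixed and precompiled, and each
    value is bound by position with its own type and length (bytes -> BLOB,
    str -> TEXT). Whatever the payload contains, it can only become a value."""
    conn.execute("INSERT INTO inbox VALUES (?, ?, ?)", (msgid, subject, body))
    conn.commit()


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM inbox").fetchone()[0]


def fetch_body(conn, msgid):
    row = conn.execute("SELECT body FROM inbox WHERE msgid = ?",
                       (msgid,)).fetchone()
    return row[0] if row else None


def demo():
    """Store the same hostile message both ways and report what survived."""
    results = {}

    conn = make_db()
    store_unsafe(conn, b"\x02", "hello", EVIL_BODY)
    results["unsafe_rows"] = row_count(conn)          # 0: the smuggled DELETE ran

    conn = make_db()
    store_safe(conn, b"\x02", "hello", EVIL_BODY)
    results["safe_rows"] = row_count(conn)            # 2: old row plus the new one
    results["safe_body"] = fetch_body(conn, b"\x02")  # payload stored verbatim
    return results


if __name__ == "__main__":
    print(demo())
```

With the bound version the payload ends up as an ordinary TEXT value containing a quote, a semicolon and a comment marker; the DELETE never becomes part of any statement.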

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 16:59

> Does bitmessage have any countermeasures to prevent sqlite and code
> injection attacks from incoming objects and message content?

Like the other guy said, SQL injection attacks are mitigated by using prepared statements. That still leaves open the possibility of bugs in sqlite libraries but I can't do much about it. For official binary releases I always use the latest python version (Windows build from source) and let homebrew take care of upgrades on OSX.

Regarding message content, prior to extended encoding there was basically UTF-8 subject and body and that's it. The message view frame uses a very restricted environment with most fancy functionality disabled, it does not have network protocol handlers, and the HTML parser has a tag whitelist. Extended encoding increases that attack surface as it uses zlib and msgpack. There is now a size limit for decoding to protect against compression ratio bombs. There appear to be some bugs that trigger an exception in the decoding of such objects, causing the object processor thread to die, so you could have a DoS. I'll wrap this around another exception handler. But once it's decoded, at the moment it still only supports the same data types as the previous encodings. Even if there is extra data, it's ignored as there's nowhere to save it or to display it. It would just hang around in memory for a while until it's garbage-collected. This may change in the future but I'll try to extend the functionality conservatively, and the extended encoding code is separated into its own classes, so it's easier to debug and audit.

> Are there any avenues of potential injection in the negotiation of
> TLS connections?

I'm not a TLS expert so I guess it depends on the TLS library which python is linked against. Bitmessage only supports TLS 1.0 or later, so many of the older attacks don't work at all. As far as I know the only known SSL vulnerability publicised throughout the last couple of years that would have affected PyBitmessage was heartbleed as the heartbeat extension can't be turned off in runtime. I want to add node authentication in the near future to mitigate active MiTM.

Even so, I'm not sure how much data an attacker can inject into TLS. I reworked the bitmessage protocol parser from scratch over the last year, and based on advice it now drops a connection if there is a decoding error (in the past, it kept skipping over faulty data hoping it can synchronise later). This should mitigate injection attacks that can't inject a 100% accurate content.

For official binary releases, on Windows I manually edit the python build scripts to include the latest OpenSSL version it supports. For OSX homebrew takes care of upgrades.

Peter Surda
Bitmessage core developer
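
The two decoding points made above (a size limit against compression ratio bombs, and keeping a decode exception from killing the object processor thread), as an added example that is not PyBitmessage's own code. The cap of 1,000,000 bytes and the sample objects are constructed for this demonstration; the project's actual limit is not stated in the thread. The example only covers the zlib layer, not msgpack.

```python
import zlib

# Hypothetical cap on decompressed size for this example; the value
# PyBitmessage actually uses is not taken from the thread.
MAX_DECOMPRESSED = 1_000_000


class DecodeError(Exception):
    """Raised for any object that cannot be decoded safely."""


def decompress_limited(data, limit=MAX_DECOMPRESSED):
    """Inflate a zlib stream but never produce more than `limit` bytes.

    Asking the decompressor for limit + 1 bytes detects "too big" without ever
    allocating a bomb's full output. A stream that ends early (truncated) or
    is not zlib at all is rejected as well.
    """
    d = zlib.decompressobj()
    try:
        out = d.decompress(data, limit + 1)
    except zlib.error as e:
        raise DecodeError("corrupt zlib stream: %s" % e)
    if len(out) > limit:
        raise DecodeError("decompressed size exceeds %d bytes" % limit)
    if not d.eof:
        raise DecodeError("truncated zlib stream")
    return out


def safe_decode(payload, limit=MAX_DECOMPRESSED):
    """What a long-lived worker thread should call: returns the decoded bytes
    or None, and never lets a decode failure propagate and kill the thread."""
    try:
        return decompress_limited(payload, limit)
    except DecodeError:
        # In a real node: log the reason and move on to the next object.
        return None


# Constructed sample objects (not real network data).
GOOD = zlib.compress(b"hello bitmessage " * 100)
BOMB = zlib.compress(b"\x00" * (10 * MAX_DECOMPRESSED), 9)  # ~10 KB in, 10 MB out
TRUNCATED = GOOD[:-3]                                         # adler32 trailer cut off
GARBAGE = b"not a zlib stream"

if __name__ == "__main__":
    for name, obj in [("good", GOOD), ("bomb", BOMB),
                      ("truncated", TRUNCATED), ("garbage", GARBAGE)]:
        r = safe_decode(obj)
        print(name, "rejected" if r is None else "%d bytes" % len(r))
```

The important detail is the `max_length` argument: `zlib.decompress()` has no cap and would materialise the whole 10 MB before the caller could measure it, whereas `decompressobj().decompress(data, limit + 1)` stops producing output at the cap and leaves the rest unconsumed.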

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 7 17:06

> Even so, I'm not sure how much data an attacker can inject into TLS.
> I reworked the bitmessage protocol parser from scratch over the last
> year, and based on advice it now drops a connection if there is a
> decoding error (in the past, it kept skipping over faulty data
> hoping it can synchronise later). This should mitigate injection
> attacks that can't inject a 100% accurate content.

I forgot to write that all protocol messages contain a checksum, which makes it even harder to inject a valid message.

Peter Surda
Bitmessage core developer
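
The fail-closed parser and the per-message checksum described in the two posts above, as an added example that is not PyBitmessage's parser. It uses the Bitmessage wire framing (magic 0xE9BEB4D9, a 12-byte NUL-padded command, a 4-byte payload length, and a checksum that is the first 4 bytes of SHA-512 over the payload); the payload cap, the `Connection` class and the sample exchange are constructed for the demonstration. An attacker who flips one byte of a frame in transit produces a checksum mismatch, and instead of scanning ahead for the next magic the receiver drops the connection, so the valid frame the attacker appends afterwards is never processed either.

```python
import hashlib
import struct

# Bitmessage wire framing: magic, 12-byte NUL-padded command, payload length,
# checksum = first 4 bytes of SHA-512(payload). MAX_PAYLOAD is a hypothetical
# value for this example, not PyBitmessage's configured limit.
MAGIC = 0xE9BEB4D9
HEADER = struct.Struct(">I12sI4s")   # 24 bytes
MAX_PAYLOAD = 1_600_100


class ProtocolError(Exception):
    pass


def checksum(payload):
    return hashlib.sha512(payload).digest()[:4]


def pack_message(command, payload):
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return HEADER.pack(MAGIC, cmd, len(payload), checksum(payload)) + payload


def parse_one(buf):
    """Parse one message from the front of buf.

    Returns None if more bytes are needed, else (command, payload, rest).
    Raises ProtocolError on any framing fault and never tries to resynchronise
    by scanning ahead for the next magic.
    """
    if len(buf) < HEADER.size:
        return None
    magic, cmd, length, cksum = HEADER.unpack_from(buf)
    if magic != MAGIC:
        raise ProtocolError("bad magic")
    if length > MAX_PAYLOAD:
        raise ProtocolError("payload too large")
    end = HEADER.size + length
    if len(buf) < end:
        return None
    payload = buf[HEADER.size:end]
    if checksum(payload) != cksum:
        raise ProtocolError("checksum mismatch")
    try:
        command = cmd.rstrip(b"\x00").decode("ascii")
    except UnicodeDecodeError:
        raise ProtocolError("non-ascii command")
    return command, payload, buf[end:]


class Connection:
    """Fail-closed receive side: one bad frame drops the whole connection."""

    def __init__(self):
        self.buf = b""
        self.dropped = False
        self.received = []

    def feed(self, data):
        if self.dropped:
            return
        self.buf += data
        while True:
            try:
                r = parse_one(self.buf)
            except ProtocolError:
                self.dropped = True
                self.buf = b""   # nothing after the fault is trusted
                return
            if r is None:
                return           # wait for more bytes
            command, payload, self.buf = r
            self.received.append((command, payload))


def demo():
    """Constructed exchange: 'verack' then 'object', replayed once unmodified
    and once with one payload byte flipped, as an on-path attacker might do."""
    good = pack_message("verack", b"") + pack_message("object", b"\x01\x02\x03\x04")
    clean = Connection()
    clean.feed(good)

    tampered = bytearray(good)
    tampered[-1] ^= 0xFF                          # corrupt the object's last byte
    tampered += pack_message("addr", b"later")    # a valid frame after the bad one
    victim = Connection()
    victim.feed(bytes(tampered))
    return clean, victim


if __name__ == "__main__":
    clean, victim = demo()
    print("clean:", clean.received, "dropped:", clean.dropped)
    print("victim:", victim.received, "dropped:", victim.dropped)
```

A 4-byte truncated SHA-512 is not a MAC (anyone who can rewrite the whole frame can recompute it), which is why the checksum helps only against partial or imprecise injection; the node authentication mentioned above is what would address a full-frame rewrite.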

[chan] bitmessage <<Ext>>
Feb 13 16:47

https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Feb 13 16:52

> https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9

The bug referenced here does not allow injecting a message into a TLS connection.

Peter Surda
Bitmessage core developer
