CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks

OpenOCD can be targeted by a Cross Protocol Scripting attack from a web browser running malicious code, such as the following PoC: var x = new XMLHttpRequest(); x.open("POST", "http://127.0.0.1:4444", true); x.send("exec xcalc\r\n"); This mitigation should provide some protection from browser-based attacks and is based on the corresponding fix in Redis: 8075572207/src/networking.c (L1758) Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581 Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com> Reported-by: Josef Gajdusek <atx@atx.name> Reviewed-on: http://openocd.zylin.com/4335 Tested-by: jenkins Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li> Reviewed-by: Paul Fertser <fercerpav@gmail.com>
2018-01-13 21:00:47 +01:00 · 2018-01-13 21:00:47 +01:00 · 6d54d90541
parent 9de7d9c81d
commit 6d54d90541
1 changed files with 11 additions and 0 deletions
--- a/src/server/startup.tcl
+++ b/src/server/startup.tcl
@ -8,3 +8,14 @@ proc ocd_gdb_restart {target_id} {
 	# one target
 	reset halt
 }
+
+proc prevent_cps {} {
+	echo "Possible SECURITY ATTACK detected."
+	echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
+	echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
+	echo "to compromise your OpenOCD instance. Connection aborted."
+	exit
+}
+
+proc POST {args} { prevent_cps }
+proc Host: {args} { prevent_cps }