6d54d90541
OpenOCD can be targeted by a Cross Protocol Scripting attack from
a web browser running malicious code, such as the following PoC:
var x = new XMLHttpRequest();
x.open("POST", "http://127.0.0.1:4444", true);
x.send("exec xcalc\r\n");
This mitigation should provide some protection from browser-based
attacks and is based on the corresponding fix in Redis:
8075572207/src/networking.c (L1758)
Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reported-by: Josef Gajdusek <atx@atx.name>
Reviewed-on: http://openocd.zylin.com/4335
Tested-by: jenkins
Reviewed-by: Jonathan McDowell <noodles-openocd@earth.li>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
22 lines
700 B
Tcl
22 lines
700 B
Tcl
# Defines basic Tcl procs for OpenOCD server modules
|
|
|
|
# Handle GDB 'R' packet. Can be overridden by configuration script,
|
|
# but it's not something one would expect target scripts to do
|
|
# normally
|
|
proc ocd_gdb_restart {target_id} {
|
|
# Fix!!! we're resetting all targets here! Really we should reset only
|
|
# one target
|
|
reset halt
|
|
}
|
|
|
|
proc prevent_cps {} {
|
|
echo "Possible SECURITY ATTACK detected."
|
|
echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
|
|
echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
|
|
echo "to compromise your OpenOCD instance. Connection aborted."
|
|
exit
|
|
}
|
|
|
|
proc POST {args} { prevent_cps }
|
|
proc Host: {args} { prevent_cps }
|