karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (KARAF-4214) Deserialization of Untrusted Data
Date Tue, 23 Aug 2016 17:30:22 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4214:
----------------------------------------
    Fix Version/s:     (was: 4.0.6)
                   4.0.7

> Deserialization of Untrusted Data
> ---------------------------------
>
>                 Key: KARAF-4214
>                 URL: https://issues.apache.org/jira/browse/KARAF-4214
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. An adversary could attack the application by tampering with the resource "karaf.key".
> File: client\src\main\java\org\apache\karaf\client\Main.java
> Line: 297
> Main.java, lines 291-313:
> {code}
> 291 private static SshAgent startAgent(String user, URL privateKeyUrl, String keyFile) {
> 292     InputStream is = null;
> 293     try {
> 294         SshAgent agent = new AgentImpl();
> 295         is = privateKeyUrl.openStream();
> 296         ObjectInputStream r = new ObjectInputStream(is);
> 297         KeyPair keyPair = (KeyPair) r.readObject();
> 298         is.close();
> 299         agent.addIdentity(keyPair, user);
> 300         if (keyFile != null) {
> 301             String[] keyFiles = new String[]{keyFile};
> 302             FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(keyFiles);
> 303             for (KeyPair key : fileKeyPairProvider.loadKeys()) {
> 304                 agent.addIdentity(key, user);                
> 305             }
> 306         }
> 307         return agent;
> 308     } catch (Throwable e) {
> 309         close(is);
> 310         System.err.println("Error starting ssh agent for: " + e.getMessage());
> 311         return null;
> 312     }
> 313 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
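The finding above is the unfiltered `ObjectInputStream.readObject()` at Main.java line 297: whatever object graph sits in "karaf.key" is instantiated before the `(KeyPair)` cast ever runs. The following is an added example, not Karaf's code and not the fix that shipped in 4.0.7; it shows a look-ahead deserializer that refuses every class except the handful a JDK-provider `KeyPair` legitimately serializes to (assumption: the key was produced by a JDK provider, whose key classes serialize through `java.security.KeyRep`), and a small `main` that round-trips a real RSA key pair and shows an arbitrary object being rejected. The class name `SafeKeyPairLoader` and the allowlist contents are this example's own choices.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example (not Karaf's code): hardened replacement for the readObject()
// call at Main.java line 297. Assumes a KeyPair written by a JDK provider,
// which serializes its keys as java.security.KeyRep (type, algorithm, format,
// encoded bytes); keys from other providers would need a different allowlist.
public final class SafeKeyPairLoader {

    // Every class descriptor a JDK-serialized KeyPair legitimately contains.
    // "[B" is byte[]; strings carry no class descriptor and need no entry.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "java.security.KeyPair",
            "java.security.KeyRep",
            "java.security.KeyRep$Type",
            "java.lang.Enum",
            "[B"));

    // Look-ahead check: resolveClass() runs when the class descriptor is read,
    // before any instance of that class is created, so a hostile stream is
    // stopped before its gadget classes are touched.
    private static final class AllowlistObjectInputStream extends ObjectInputStream {
        AllowlistObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(),
                        "class not permitted in key file");
            }
            return super.resolveClass(desc);
        }
    }

    // Reads exactly one KeyPair; anything else in the stream is an error.
    public static KeyPair load(InputStream in) throws IOException {
        try (ObjectInputStream ois = new AllowlistObjectInputStream(in)) {
            Object o = ois.readObject();
            if (!(o instanceof KeyPair)) {
                throw new InvalidClassException(
                        o == null ? "null" : o.getClass().getName(),
                        "key file does not contain a KeyPair");
            }
            return (KeyPair) o;
        } catch (ClassNotFoundException e) {
            throw new IOException("unexpected class in key file", e);
        }
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Demonstration: a genuine key pair round-trips, anything else is refused.
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        KeyPair loaded = load(new ByteArrayInputStream(serialize(kp)));
        System.out.println("loaded " + loaded.getPublic().getAlgorithm() + " key pair");

        // Constructed stand-in for a tampered key file: a harmless HashMap,
        // but any class outside the allowlist is rejected the same way.
        byte[] tampered = serialize(new java.util.HashMap<String, String>());
        try {
            load(new ByteArrayInputStream(tampered));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On JDK 9 and later the same policy can be expressed without subclassing, by calling `setObjectInputFilter` on the stream with a filter built from the pattern `java.security.KeyPair;java.security.KeyRep;java.security.KeyRep$Type;java.lang.Enum;!*` (the `!*` rejects everything not listed; primitive arrays are left undecided by the filter and therefore pass). Either way the stronger design is to stop storing key material as Java serialization at all and keep the encoded key bytes instead, rebuilding the keys with `KeyFactory` from `X509EncodedKeySpec` and `PKCS8EncodedKeySpec`, so that no `readObject()` call is reachable from a file the user controls.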
