From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 11ACF94E47 for ; Fri, 23 Feb 2024 14:06:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DE2F118D54 for ; Fri, 23 Feb 2024 14:06:10 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 23 Feb 2024 14:06:09 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A12B744F27 for ; Fri, 23 Feb 2024 14:06:09 +0100 (CET) Date: Fri, 23 Feb 2024 14:06:08 +0100 From: Wolfgang Bumiller To: Stefan Sterz Cc: Proxmox Backup Server development discussion Message-ID: References: <20240215152001.269490-1-s.sterz@proxmox.com> <20240215152001.269490-5-s.sterz@proxmox.com> <0e2e995a-ac9b-4b4a-b7ba-eeb154dfaab5@proxmox.com> <3114362d-e1c8-4107-be0d-61bc0173bc1b@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SPAM-LEVEL: Spam detection results: 0 AWL 0.093 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pbs-devel] [PATCH proxmox 04/12] auth-api: move to hmac signing for csrf tokens X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2024 13:06:41 -0000 On Fri, Feb 23, 2024 at 10:26:15AM +0100, Stefan Sterz wrote: > On Tue Feb 20, 2024 at 1:54 PM CET, Max Carrara wrote: > > On 2/19/24 17:02, Max Carrara wrote: > > > On 2/15/24 16:19, Stefan Sterz wrote: > > >> + let mut hasher = openssl::sha::Sha256::new(); > > >> + let data = format!("{:08X}:{}:", ttime, userid); > > >> + hasher.update(data.as_bytes()); > > >> + hasher.update(&secret.as_bytes()?); > > >> + let old_digest = hasher.finish(); > > >> + > > >> + if old_digest.len() != sig.len() && openssl::memcmp::eq(&old_digest, &sig) { > > >> + bail!("invalid signature."); > > >> + } > > > > > > This check should IMO be split into two for some finer-grained error handling - meaning, > > > one `bail!()` for different `.len()`s and one if `old_digest` and `sig` are equal. > > > > > as discussed off-list: we should avoid very spcific error messages in > this case. usually that is good practice as it makes debugging easier. > however, here it just give more information to a potential attacker. i'm > not even sure we should return an "invalid signature" error message > here, rather a "csrf token is invalid" for all failure cases would > probably be best. but since we are already here, changing it would also > give more information to a potential attacker. I'd stick with *not* splitting up the error message here - but mostly out of habit, because the security impact is rather limited, given that there aren't that many valid lengths to choose from when the code is open source, so that's not something security should depend on either ;-)