Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security: states: Fail oldstyle servers when tls==2
This test succeeds, which is wrong: $ nbdsh -c 'h.set_tls(nbd.TLS_REQUIRE)' \ -c 'h.connect_command(["nbdkit", "-o", "-s", "null"])' \ -c 'print(h.get_size())' 0 Consider the case of a server that allows, but does not require, TLS encryption. A client that wants to only use the server if encrypted (as evidenced by the request for LIBNBD_TLS_REQUIRE) can be subjected to a protocol downgrade attack: a man-in-the-middle attacker can translate the original server's unencrypted newstyle offerings into an oldstyle server, such that the client is now unaware that it is sending plain-text rather than the desired encrypted session. Red Hat security will probably assign this a CVE, but we felt it reasonable to publish the fix now, in part due to the rarity of oldstyle servers these days. Workaround: if the server offers extensions that are only possible in newstyle connections, a client can check post-connection but before sending any read or write requests that any of those extensions are enabled, to ensure that a newstyle connection is in use (unfortunately, this doesn't help for all servers). Known witnesses: - if nbd_can_df(h) returns true - if the client requested nbd_add_meta_context(h, context) prior to connection, then after connection nbd_can_meta_context(h, context) returns true (the most common context is LIBNBD_CONTEXT_BASE_ALLOCATION)
- Loading branch information