devel

devel@uclibc-ng.org

2 participants
1164 discussions

Configurable dns query id generation including random
by C Hanish Menon 06 May '22

06 May '22

Hi All, This is the updated and consolidated patch with the following additional features a) Add options to the Config.in to allow the platform developer to select between the different supported query id generation logics using make config/menuconfig/... Inturn now one can select between the following modes SimpleCounter / Urandom Only / Clock Only / PrngPlus (with automatic URandom & or Clock based reseeding) . So based on the features available on a given target, and or needs of a specific platform or release, uclibc's dns query id generation can be suitably selected/adjusted. b) The PrngPlus mode maintains its own state wrt prng, so that users of the global random prng won't be affected by dns lookups' use of random. c) Have hopefully tried to follow the coding style better this time. However as I have done lot of changes to the code flow from earlier patchs, I need to cross check once again the same. Please do cross-check the patch once for any possible oversights and or issues. Do note that I have tried this only on a linux vm+container setup, by hand holding the native host build tools and inturn using the prints and tcpdump to verify things are working as required. If no other issues are found, I will remove some of the debug prints I have still retained (and or convert to DPRINTF) and make a release tomorrow. -- Keep ;-) HanishKVC

1 0

Re: urandom seed with random id against dns poison and pre increment local_id for fallback to old simple counter behavior
by C Hanish Menon 05 May '22

05 May '22

Hi, Have updated the logic further such that a platform developer can force dnsrand_next to help achieve the current/previous simple counter logic, if needed. However if random dns query id is desired, then if urandom reading fails (previously it would have fallen back to the simple counter) but in turn if real time clock is available then clock_gettime is used to help reseed through srandom. However if neither (ie urandom and clock) is available, then now it still continues with the random prng, bcas anyway it is better than the simple counter at some level. Attached is the format-patch output between glibc master (592574ae535c35de500f6c3e8d8400d0bb0d985a) till the latest flow from my side. -- Keep ;-) HanishKVC

4 5

(fwd) Fwd: [ICS-VU-638779, CERT/CC VU#473698] Predictable DNS Transaction IDs in uClibc, uClibc-ng [labs-advisory@nozominetworks.com]
by Waldemar Brodkorb 05 May '22

05 May '22

----- Forwarded message from Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> ----- Date: Mon, 2 May 2022 17:01:29 +0200 From: Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.0 To: Waldemar Brodkorb <wbx(a)uclibc-ng.org> Subject: Fwd: [ICS-VU-638779, CERT/CC VU#473698] Predictable DNS Transaction IDs in uClibc, uClibc-ng Hello Waldemar, although we would have preferred an explicit confirmation from you, given the lack of alternatives and having received the approval from CERT/CC, we proceeded with the disclosure of the vulnerability to the mailing list. I kindly ask you to publish our email (the same that I am forwarding to you now) to https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/ . Best regards, Andrea Palanca -------- Forwarded Message -------- Subject: [ICS-VU-638779, CERT/CC VU#473698] Predictable DNS Transaction IDs in uClibc, uClibc-ng Date: Mon, 2 May 2022 16:53:48 +0200 From: Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> To: devel(a)uclibc-ng.org Hello, as per our last interaction with Mr. Brodkorb (https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/th…), in accordance with CERT/CC as per VINCE case VU#473698 (ICS-VU-638779), with this email we proceed with the public disclosure of the vulnerability. ----------------------------------- Vendor: uClibc, uClibc-ng Vendor URL: https://www.uclibc.org/, https://www.uclibc-ng.org/ Affected firmware: uClibc: All versions, uClibc-ng: All versions Vulnerability: Predictable DNS Transaction IDs Authors: Giannis Tsaraias (Cyber Threat Analyst @ Nozomi Networks), Andrea Palanca (Security Researcher @ Nozomi Networks) ----------------------------------- Vulnerability: The uClibc and uClibc-ng libraries generate DNS requests with incremental transaction IDs, while, at the same time, not enforcing any explicit port randomization techniques during the network connection. This may result in the possibility for an attacker to perform DNS Cache Poisoning attacks. More information in the "Exploitability" section here below. The vulnerability was confirmed statically and dynamically on version 0.9.33.2. By downloading all releases available on uClibc website, the vulnerability was confirmed statically in all versions (up to and including 0.9.33.2). Additionally, by downloading all releases of the uClibc-ng available, the vulnerability was confirmed statically for this library in all versions (up to and including 1.0.38, latest available at the time of the research). ----------------------------------- Details: The following analysis contains source code extracted from uClibc version 0.9.33.2. The uClibc library implements DNS requests by calling the internal “__dns_lookup” function, located in the source file “/libc/inet/resolv.c”. At line #1240, the function declares a static variable “last_id”. This variable contains the value of the transaction ID used in the last DNS request, and is initialized with the value “1” at the first invocation of “__dns_lookup”. Additionally, at line #1260, the function declares a variable “local_id”. This variable contains the value of the transaction ID that will be used in the upcoming DNS request, and is left uninitialized. At line #1309, at the first DNS request, the “local_id” variable is initialized with the value of the transaction ID of the last DNS request (“last_id”). Line #1320 is the actual core of the vulnerability: “local_id” is updated by incrementing by “1” its old value. After doing a bitwise AND at line #1321, this value is also stored inside “last_id” variable at line #1323. Finally, at line #1335, the value of “local_id” is copied inside the struct resolv_header “h” variable, which represents the actual content of the header of the DNS request. No other updates are done to the value of “local_id” or “last_id” in the remaining part of the function. Additionally, no UDP source port randomization is done (e.g., by explicitly invoking a “bind” with a random UDP source port) prior to performing the transmission of the DNS request. ----------------------------------- Exploitability: In order to exploit the vulnerability, given that the transaction ID is predictable, an attacker would need to craft a DNS response that contains the correct source port, as well as win the race against the legitimate DNS response incoming from the DNS server. Exploitability of the issue depends exactly on these factors. As the function does not apply any explicit source port randomization, if the operating system is configured to use a fixed or predictable source port, it is likely that the issue can be trivially exploited in a reliable way. If the operating system applies randomization of source port (which is done by all OSs nowadays - for instance, modern Linux kernels use range 32768–60999), exploitability depends on the capacity of the attacker to bruteforce the 16 bit source port value by sending multiple DNS responses, while simultaneously winning the race against the legitimate DNS response. In this situation, exploitability depends on factors such as the bandwidth at disposal of the attacker, or on the response time of the DNS query. Additionally, it is more likely that an attacker is able to succeed at least once in performing a DNS poisoning attack if the target device performs a great number of identical queries in a given time frame, compared to a target that performs just sporadic queries. ----------------------------------- Remediation: It is recommended to harden the implementation of the “__dns_lookup” function by including unpredictable, random transaction IDs at each DNS request. pub rsa4096 2021-01-21 [SC] [expires: 2025-01-20] 8B8C7C296AEC8BD654FF69A6797E06A000A77236 uid Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> sub rsa4096 2021-01-21 [E] [expires: 2025-01-20] pub rsa4096 2021-01-21 [SC] [expires: 2025-01-20] 8B8C7C296AEC8BD654FF69A6797E06A000A77236 uid Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> sub rsa4096 2021-01-21 [E] [expires: 2025-01-20] ----- End forwarded message -----

3 5

urandom seed with random id against dns poison and pre increment local_id for fallback to old simple counter behavior
by C Hanish Menon 04 May '22

04 May '22

Hi, THis patch fixes the oversight wrt local_id post increment, instead of the needed pre increment, in my previous patches. Attached is the full patch against uclibc-ng master, as well as the delta patch against my previous patches (applies equally to both urandomid as well as randomid patches). The above is also available on github at https://github.com/hanishkvc/uclibc-ng-hkvc (master_hkvc_release branch). I understand and use git and github at the bare minimum required, so forgive my ignorance wrt git push/pull... request etal mechanisms that may be available for a better mode of sharing. -- Keep ;-) HanishKVC

1 0

Re: (fwd) Fwd: [ICS-VU-638779, CERT/CC VU#473698] Predictable DNS Transaction IDs in uClibc, uClibc-ng [labs-advisory@nozominetworks.com] - Type2
by C Hanish Menon 04 May '22

04 May '22

Hi, As noted in the last message, this patch uses the combination of /dev/urandom + user space random. Here /dev/urandom periodically (once every 128 random calls) seeds user space using srandom. Inturn user space random prng is used to generate the dns query id. Attached is a) the full patch wrt uclibc master (592574ae535c35de500f6c3e8d8400d0bb0d985a), as well as b) the delta patch wrt my last patch (patch_20220505IST0032_urandomid_against_dnspoison.patch) Based on thoughts from others also either the simple urandom only or this urandom+random based solution could be used against the dns poison issue. Or may be others might have some other strategy in mind. Please do note that this is currently only tested on a x86 linux virtual machine+container environment, by using uclibc-ng and standard linux gcc build setup (coerced to use uclibc-ng by disabling standard includes and passing header paths and libs manually to gcc and inturn verifying the random id using tcpdump and dprints). So testing against other setups would be useful. At a high level chances are on linux or freebsd or similar targets, hopefully the patch should be fine, as it uses only /dev/urandom, srandom and random mainly. -- Keep ;-) HanishKVC

2 1

Re: (fwd) Fwd: [ICS-VU-638779, CERT/CC VU#473698] Predictable DNS Transaction IDs in uClibc, uClibc-ng [labs-advisory@nozominetworks.com]
by C Hanish Menon 04 May '22

04 May '22

Hi, Attached is an updated patch, where I have updated/modified dnsrand_next to int from uint16_t, so that it is the same as local_id (even though local_id does discard the upper 16/...bits), just in case there is some issue in some combination of buildtools/endieness/... In future / Other possibilities: In case reading /dev/urandom is considered to be too much overhead or leading to eating up of entropy in the system from other users perspective or so, one could change to a two level logic, where /dev/urandom is read once every 128 or 256 dns queries to (re)set the seed for the random prng call. And in turn use the random c call for getting the dns query id. As the random prng is reseeded every 128 or 256 calls, so I am lazily assuming that its state cant be leaked from such a short run, to allow anyone to predict the id, before reseeding. -- Keep ;-) HanishKVC

2 1

Bug in memset on ARM
by tombannink＠gmail.com 13 Apr '22

13 Apr '22

Hi, The ARM implementation of memset has a bug when the fill-value is negative or outside the [0, 255] range. To reproduce: int main() { char array[256]; memset(array, -5, 256); for (int i = 0; i < 256; ++i) { printf("%d, ", (int)array[i]); } return 0; } This is supposed to fill the array with int8 values -5, -5, -5, ... . On ARM, this does not work because the implementation assumes the high bytes of the fill-value argument are already zero. However in this test case they are filled with 1-bits. The other implementations that I checked (aarch64 and x86_64) do not have this problem: they first convert the fill-value to an unsigned byte following the specification of memset. With GCC one can use `memset(ptr, (-5 & 0xFF), size)` as a workaround, but for clang users that does not work: clang optimizes the `& 0xFF` away because it assumes that memset will do it. How to fix/patch: In this file: https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/string/arm/mems… Before line 35 (lsl) insert this: uxtb r1, r1 Before line 71 (orr) insert this: uxtb a2, a2 Best regards, Tom

3 11

Re: Bug in math library of uClibc-ng
by Waldemar Brodkorb 12 Apr '22

12 Apr '22

Hi Tom, Tom Bannink wrote, > Hi uClibc-ng developers, > > I've stumbled across a bug in the implementation of `lrint` in uClibc-ng. I'm > not sure where to report this so I'm sending this email. Please let me know if > I can submit an issue on a bugtracker somewhere. I tried to post an issue on > the gitlab page (https://gogs.waldemar-brodkorb.de/oss/uclibc-ng/issues) but it > seems I cannot make an account there. > > The bug is simple to reproduce: `lrint(0.5)` and `lrint(-0.5)` should return 0 > (or +-1 depending on the rounding mode) but instead they return 2 and -2 > respectively. > > The faulty code is the block at lines 55-64 of this file: https:// > cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libm/s_lrint.c > Note that the `lround` function works fine and has very similar code: https:// > cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libm/s_lround.c > > Let me know if you need more information. Can you provide a simple test case for the issue? best regards Waldemar

2 3

[PATCH] libm: fix bug in s_lrint.c
by Waldemar Brodkorb 12 Apr '22

12 Apr '22

Following test case returns 2, which should be 0. int main() { long x = lrint(0.5); printf("%ld", x); return 0; } Fix from glibc commit 6624dbc07b5a9fb316ed188ef01f65b8eea8b47c Signed-off-by: Waldemar Brodkorb <wbx(a)openadk.org> --- libm/s_lrint.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/libm/s_lrint.c b/libm/s_lrint.c index 09800d8de..2a8db9fbe 100644 --- a/libm/s_lrint.c +++ b/libm/s_lrint.c @@ -49,19 +49,13 @@ lrint (double x) if (_j0 < 20) { - if (_j0 < -1) - return 0; - else - { - w = two52[sx] + x; - t = w - two52[sx]; - EXTRACT_WORDS (i0, i1, t); - _j0 = ((i0 >> 20) & 0x7ff) - 0x3ff; - i0 &= 0xfffff; - i0 |= 0x100000; - - result = i0 >> (20 - _j0); - } + w = two52[sx] + x; + t = w - two52[sx]; + EXTRACT_WORDS (i0, i1, t); + _j0 = ((i0 >> 20) & 0x7ff) - 0x3ff; + i0 &= 0xfffff; + i0 |= 0x100000; + result = (_j0 < 0 ? 0 : i0 >> (20 - _j0)); } else if (_j0 < (int32_t) (8 * sizeof (long int)) - 1) { -- 2.30.2

1 0

CVE-2018-1000001
by bbe_5nc1ex0wa4fk＠byom.de 29 Mar '22

29 Mar '22

Hello! Is the latest uclibc affected by CVE-2018-1000001? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001 Running ltp showed that the test for CVE-2018-1000001 (realpath01) fails. realpath01.c:30: TFAIL: returned unexpected errno: SUCCESS (0) https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/sysc… This cve was fixed in glibc with this commit: https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2018-1000001 https://github.com/bminor/glibc/commit/52a713fdd0a30e1bd79818e2e3c4ab44ddca… It looks like the issue is also fixed in uclibc? https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/comm… But maybe uclibc returns a different/wrong return code (SUCCESS) compared to glibc (ENOENT) in this corner case? see also glibc commit message Fix this by checking the path returned by getcwd syscall and falling back to generic_getcwd if the path is not absolute, effectively making getcwd(3) fail with ENOENT. The error code is chosen for consistency with the case when the current directory is unlinked.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

devel