[
https://issues.apache.org/jira/browse/TS-3649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gancho Tenev updated TS-3649:
-----------------------------
Attachment: TS-3649-url_sig-security_issues.rtf
Please find information on how to setup the environment and steps to reproduce
both issues in the attached file.
> url_sig plugin security issues (crash by HTTP request, circumvent signature)
> ----------------------------------------------------------------------------
>
> Key: TS-3649
> URL: https://issues.apache.org/jira/browse/TS-3649
> Project: Traffic Server
> Issue Type: Bug
> Components: Plugins
> Reporter: Gancho Tenev
> Attachments: TS-3649-url_sig-security_issues.rtf
>
>
> While reading the code found 2 security issues url_sig code which would allow:
> - Issue 1: to crash ATS which is running the url_sig plugin by using an HTTP
> request (segmentation fault due out-of-bounds array access) - there is a need
> of proper sanitation of the key index input (query parameter)
> - Issue 2: to gain access to protected assets by signing the URL with an
> empty secret key if at least one of the 16 keys is not provided in the
> uri_sig plugin configuration. One could "scan" trying all keys 0 to 15 and
> for the empty key the signature validation would succeed - must to deny
> access if the key specified in the signature is not defined in the plugin
> config (empty).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
