[wakaama-dev] Security Fix: PSK Keys Might Be Truncated

[Frank Gerlach <Frank_Gerlach@xxxxxxxx>]

Hello all,

As mentioned in previous emails, the following code represents a security risk, because keys would be truncated at the first zero-valued octet.

 

Also, the behavior is UNDEFINED, when there is no zero after the the psk buffer.

 

Please fix.

 

Thanks

 

Frank Gerlach

 

--- a/examples/client/object_security.c

+++ b/examples/client/object_security.c

@@ -507,7 +507,10 @@ lwm2m_object_t * get_security_object(int serverId,

             targetP->securityMode = LWM2M_SECURITY_MODE_PRE_SHARED_KEY;

             targetP->publicIdentity = strdup(bsPskId);

             targetP->publicIdLen = strlen(bsPskId);

-            targetP->secretKey = strdup(psk);

+            targetP->secretKey = malloc(pskLen+1);

+            targetP->secretKey[pskLen]=0;//make sure some other dirty code does not crash

+            memcpy(targetP->secretKey,psk,pskLen);

+            //WRONG: targetP->secretKey = strdup(psk);

 

 

 

 

Frank Gerlach

Senior Software Engineer

 

Office: +375 17 389 0100 x 23178   Cell: +375 29 877 4976    Email: frank_gerlach@xxxxxxxx

Minsk, Belarus (GMT+3)   epam.com

 

CONFIDENTIALITY CAUTION AND DISCLAIMER
This message is intended only for the use of the individual(s) or entity(ies) to which it is addressed and contains information that is legally privileged and confidential. If you are not the intended recipient, or the person responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. All unintended recipients are obliged to delete this message and destroy any printed copies.