{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":324596008,"defaultBranch":"osdp","name":"zephyr","ownerLogin":"goToMain","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2020-12-26T16:43:55.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/69145836?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1698879740.0","currentOid":""},"activityList":{"items":[{"before":"4c050f21a29d0077702163de8851d2996c9be015","after":"dd70ecf0acbd7233b676d02da188bf17eb3d8902","ref":"refs/heads/osdp_sc_fix","pushedAt":"2024-06-07T10:43:26.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: cp: disallow unexpected SC responses\n\nWhen CP has a secure channel active, it should never receive a\nREPLY_CCRYPT or REPLY_RMAC_I. Since these responses change the SC state,\nlet's also make sure that they are accepted only when they are\nexpected: in response to commands CMD_CHLNG and CMD_SCRYPT respectively.\n\nReported-by: Eran Jacob \nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: cp: disallow unexpected SC responses"}},{"before":"c2d5ee4be320358ec83f9f9bc74c4b1023514837","after":"4c050f21a29d0077702163de8851d2996c9be015","ref":"refs/heads/osdp_sc_fix","pushedAt":"2023-11-01T23:12:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: cp: disallow unexpected SC responses\n\nWhen CP has a secure channel active, it should never receive a\nREPLY_CCRYPT or REPLY_RMAC_I. Since these responses change the SC state,\nlet's also make sure that they are accepted only when they are\nexpected: in response to commands CMD_CHLNG and CMD_SCRYPT respectively.\n\nReported-by: Eran Jacob \nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: cp: disallow unexpected SC responses"}},{"before":null,"after":"c2d5ee4be320358ec83f9f9bc74c4b1023514837","ref":"refs/heads/osdp_sc_fix","pushedAt":"2023-11-01T23:02:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: cp: disallow unexpected SC responses\n\nWhen CP has a secure channel active, it should never receive a\nREPLY_CCRYPT or REPLY_RMAC_I. Since these responses change the SC state,\nlet's also make sure that they are accepted only when they are\nexpected: in response to commands CMD_CHLNG and CMD_SCRYPT respectively.\n\nReported-by: Eran Jacob \nSigned-off-by: Siddharth Chandrasekaran \n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: cp: disallow unexpected SC responses"}},{"before":"66d063a54e91d6007caf79d6c22693af2381af12","after":"0569c669a111afcd07e20c1fbd9591ecba606c4c","ref":"refs/heads/osdp_fix","pushedAt":"2023-10-24T21:08:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Fix off-by-one in buf len checks\n\nInitially, the command/reply ID byte was not part of the data length\nmacros. But later, when it was changed to include it, the buffer length\nchecks was not adjusted. Due to this, we were not using the last byte in\nthe buffer. Fix this issue by correcting the condition.\n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Fix off-by-one in buf len checks"}},{"before":"b7cab32292803ebbef5a466a164e48a8b2b1e845","after":"66d063a54e91d6007caf79d6c22693af2381af12","ref":"refs/heads/osdp_fix","pushedAt":"2023-09-26T21:24:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Replace __ASSERT() with an explicit if\n\nCommit c7fec71193a (\"mgmt/osdp: Add length checks for commands and\nreplies\") attempted to remove code duplication by adding a macro to perform\na length check. At the time, a CI linter did not like macros with control\nflow so the code was switched to a method which called __ASSERT() on this\ncondition.\n\nThe __ASSERT() macro is a nop if CONFIG_ASSERT=n (which is the default) and\ncauses the buffer access to be unguarded which may lead to OOB accesses.\nThis patch fixes the issue by reintroducing the if check.\n\nFixes: c7fec71193a19f6be1a2adca8cf7753cd7103c78.\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Replace __ASSERT() with an explicit if"}},{"before":null,"after":"b7cab32292803ebbef5a466a164e48a8b2b1e845","ref":"refs/heads/osdp_fix","pushedAt":"2023-09-26T21:21:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Replace __ASSERT() with an explicit if\n\nCommit c7fec71193a (\"mgmt/osdp: Add length checks for commands and\nreplies\") attempted to remove code duplication by adding a macro to perform\na length check. At the time, a CI linter did not like macros with control\nflow so the code was switched to a method which called __ASSERT() on this\ncondition.\n\nThe __ASSERT() macro is a nop if CONFIG_ASSERT=n (which is the default) and\ncauses the buffer access to be unguarded which may lead to OOB accesses.\nThis patch fixes the issue by reintroducing the if check.\n\nFixes: c7fec71193a19f6be1a2adca8cf7753cd7103c78.\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Replace __ASSERT() with an explicit if"}},{"before":"fe3ae09d24b221221fcc1ed0e4fa85066d896a0a","after":"b737fd6846b47ec553c26326ddef6798a0b76dc7","ref":"refs/heads/osdp_sc_fixes","pushedAt":"2023-04-02T20:01:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Clear secure channel base key from stack\n\nSecure Channel Base Key (SCBK) is a secret key used to derive the session\nkeys used to encrypt and decrypt OSDP packets. Secure coding practice\nrequires us to clear such sensitive data from stack once we are done\nneeding it. This patch addresses this issue.\n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Clear secure channel base key from stack"}},{"before":"62d3ae09272a2352fa2780cb2925885224b4e587","after":"fe3ae09d24b221221fcc1ed0e4fa85066d896a0a","ref":"refs/heads/osdp_sc_fixes","pushedAt":"2023-03-12T20:42:55.344Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Make sure we decrypt atleast one block\n\nOSDP secure channel message blocks are terminated with a 0x80. This means\nthat even for zero length messages, we would have at least one block of\nencrypted data to decrypt (since message blocks are rounded up to the next\n16 byte boundary). The current length assertion checks for 16 byte\nalignment but a malicious peer could send a specially crafted packet with\nzero length blocks. Fix this issue by adding check for length == 0 case.\n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Make sure we decrypt atleast one block"}},{"before":"ccf2e16bb2f9c8b4d6d609ebc4ac1d0245fb01eb","after":"62d3ae09272a2352fa2780cb2925885224b4e587","ref":"refs/heads/osdp_sc_fixes","pushedAt":"2023-03-12T20:40:07.862Z","pushType":"push","commitsCount":1,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: Make sure we decrypt atleast one block\n\nOSDP secure channel message blocks are terminated with a 0x80. This means\nthat even for zero length messages, we would have at least one block of\nencrypted data to decrypt (since message blocks are rounded up to the next\n16 byte boundary). The current length assertion checks for 16 byte\nalignment but a malicious peer could send a specially crafted packet with\nzero length blocks. Fix this issue by adding check for length == 0 case.\n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: Make sure we decrypt atleast one block"}},{"before":null,"after":"ccf2e16bb2f9c8b4d6d609ebc4ac1d0245fb01eb","ref":"refs/heads/osdp_sc_fixes","pushedAt":"2023-03-07T20:09:54.740Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sidcha","name":"Siddharth Chandrasekaran","path":"/sidcha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2995609?s=80&v=4"},"commit":{"message":"mgmt/osdp: discard secure channel if KEYSET is ACKed in plaintext\n\nHID readers are responding to a KEYSET command with an ACK in plaintext\ninstead of using the current session keys to acknowledge this command\n(which is the reasonable thing to do as the command itself was received\nencrypted with the old key). Since the spec doesn't say anything about\nthis, both methods are technically correct.\n\nMake changes to CP so it allows ACKs in plaintext for KEYSET command in\nparticular and make the PD implementation do this too as it makes the code\nlook cleaner there (perhaps HID did it for the same reasons :D).\n\nSigned-off-by: Siddharth Chandrasekaran ","shortMessageHtmlLink":"mgmt/osdp: discard secure channel if KEYSET is ACKed in plaintext"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEXxy6nQA","startCursor":null,"endCursor":null}},"title":"Activity · goToMain/zephyr"}