Talos security advisory for Blender product (TALOS-2017-0451) #52924
Labels
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset System
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Viewport & EEVEE
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Asset Browser Project
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Module
Viewport & EEVEE
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Severity
High
Severity
Low
Severity
Normal
Severity
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
11 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: blender/blender#52924
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
System Information
Operating system and graphics card
Blender Version
Tested Versions - Blender v2.78c (32-bit)
Short description of error Files sent via separate communication including report
Exact steps for others to reproduce the error
Based on a (as simple as possible) attached .blend file with minimum amount of steps
TALOS-2017-0451
TALOS-2017-0452
TALOS-2017-0453
TALOS-2017-0454
TALOS-2017-0455
TALOS-2017-0456
TALOS-2017-0457
Changed status to: 'Open'
Added subscriber: @regiwils
Added subscriber: @LazyDodo
I guess there's some internal emails for you to look at?
Added subscriber: @Ton
I have all the information in a private mail. It's quite interesting and elaborately documented.
It also includes a .blend that would (i guess) create an exploit. Will send that to the hardcore devs here in private
Thanks for your response/review. Look forward to hearing any feedback/new developments.
Just for everyone's interest, this is part of the report in the mail.
2017-MM-DD (published patch date)
TALOS-2017-0452
CVE-2017-12100
Blender multires_load_old_dm base vertex map Integer Overflow Code Execution Vulnerability
Summary
An exploitable integer overflow exists in the
multires_load_old_dm
functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.Tested Versions
Blender v2.78c (32-bit)
Product URLs
http:*www.blender.org
git:*git.blender.org/blender.git
CVSSv3 Score
8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
CWE-190 - Integer Overflow or Wraparound
Details
Blender is a professional, open-source 3d computer graphics application. It is used for creating animated films, visual effects, art, 3d printed applications, and video games. It is also capable of doing minimalistic video editing and sequencing as needed by the user. There are various features that it provides which allow for a user to perform a multitude of actions as required by a particular project.
This vulnerability occurs when loading an old
Multires
structure from aMesh
into a newer format. When handling an older version of a .blend file, the application will call a function to initialize the base vertices used for multi-resolution meshes. When allocating space for these vertices, the application will use the total number of vertices in some arithmetic which can overflow. This will then be used to perform an allocation which can be made to be smaller than the total number of vertices used to initialize an array. When initializing this array, the application can then write outside the bounds of the array which causes a heap-based buffer overflow.After loading all the basic-blocks in a file, the application will call the
blo_do_versions_250
function. This function will check the version of the file as specified in theFileGlobals
structure and use it to perform various transformations on the data-structures in the file in order to provide backwards compatibility. At - [x], the application will check if the version is less than or equal to 250 and that thesubversionfile
field is less than 1 (exclusive). After this is verified, the application will iterate through all theObject
data-blocks in the file and at - [x] check to see if itstype
field is set toOB_MESH(1)
. If so, then the object and its associatedMesh
that's pointed to by thedata
field is then passed themultires_load_old
function at [3].Once inside the
multires_load_old
function, at - [x] the application will assign a pointer to aMultires
structure from theMesh
structure'smr
field. Dereferencing thelevels
field results in aMultiresData
structure that contains a number of fields that are re-assigned to theMesh
structure. In these fields, the value oftotvert
is significant to note as it is used to trigger this vulnerability. Once re-assigning the fields at - [x], the application will then convert the faces defined by theMesh
into polygons which is then used to create aDerivedMesh
object. This and theMesh
itself are passed as arguments tomultires_load_old_dm
at [6].The
multires_load_old_dm
function is responsible for converting the oldMultires
-formatted structure into its newer format. At - [x], the application will assign themr
field belonging to theMesh
to a pointer. At - [x], the application will extract the total number of vertices defined within theDerivedMesh
that was made earlier using the fields from theMesh
structure and assign the result to thetotvert
variable. Once this is done, at - [x] the application will use this variable to calculate a product using the size of an int (4) with the number of vertices and pass this as a size for an allocation. If the result of this arithmetic has a result larger than a 32-bit number, then this allocation will overflow resulting in an undersized buffer. At [10], when the application attempts to initialize this array, the application will use the difference between the total number of vertices in the firstMultiresData
and the total number of vertices in the secondMultiresData
from the file to write into the array. During this, an out-of-bounds write can occur resulting in a heap-based buffer overflow. Within the provided proof-of-concept, the value used for the level 1totvert
field is 1. This type of overwrite can allow for code execution within the context of the application.Crash Information
Exploit Proof-of-Concept
Included with this advisory is a generator for the vulnerability. This proof-of-concept requires python and takes a single-argument which is the filename to write the .blend file to.
To trigger the vulnerability, one can simply open the file or use it as a library. It can also be passed as an argument to the blender executable.
Mitigation
In order to mitigate this vulnerability, it is recommended to not use untrusted blender files.
Credit
Discovered by a member of Cisco Talos.
http://talosintelligence.com/vulnerability-reports/
Timeline
YYYY-MM-DD - Vendor Disclosure
YYYY-MM-DD - Public Release
Added subscriber: @ideasman42
Any reason to keep both open? #52654
There are a total of 19 issues outstanding. Are there any additional updates for the following:
TALOS-2017-0452
TALOS-2017-0453
TALOS-2017-0454
TALOS-2017-0455
TALOS-2017-0456
TALOS-2017-0457
TALOS-2017-0413
TALOS-2017-0433
TALOS-2017-0434
TALOS-2017-0425
TALOS-2017-0406
TALOS-2017-0407
TALOS-2017-0408
TALOS-2017-0409
TALOS-2017-0410
TALOS-2017-0411
TALOS-2017-0412
TALOS-2017-0413
TALOS-2017-0414
TALOS-2017-0415
The Cisco team keeps mailing me in private about this. I really don't mind a public discussion.
I wrote:
Cisco reply:
My reply:
Added subscriber: @yyounan
So exploits are unlikely to be created accidentally by using Blender. What we're saying is that if an attacker purposefully creates a malicious file that a user then loads, that user could be compromised. The vulnerabilities exist not only in .blend files, but also in BMP, TIFF and other file formats supported by Blender.
Added subscriber: @brecht
Realistically, Blender is not well protected against these kinds of attacks, and the same is true for other CG software (often you can run arbitrary embedded scripts on file load, which Blender at least prevents). Anyone capable of exploiting these reported vulnerabilities can find 10 more in Blender and its library dependencies. As far as I'm concerned, opening a file with Blender should be considered like opening a file with the Python interpreter, you have the trust to the source it is coming from.
CG artists might not be aware of this and that's a problem, but fixing these issues one by one is also a waste of time in my opinion. You'd need to completely review the code and architecture to get anywhere near real security, and I don't see that happening soon for Blender, or similar CG software for that matter.
Cisco wrote this yesterday:
http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html
For the record - a day after Brecht's reply I talked to a Cisco engineer who offered to help us with it.
Brecht is speaking here on his own terms, as one of the core team members but it's not an official Blender Foundation statement that we don't take these vulnerabilities seriously. There are just no simple or easy answers.
@yyounan now that they are published and I wouldn't mind taking a quick peek (I'm not with the BF, had no access before). Most of the reports mention
but I don't think they made it onto the website? anything you can do there?
Right, I am not speaking for the Blender Foundation. Nor am I saying vulnerabilities should not be taken seriously, but rather that if anyone is serious about making loading arbitrary .blend files in Blender secure, fixing these issues reported by TALOS will not get us much closer to that. Users should understand that loading untrusted scene files in Blender and other CG software is not currently secure, and not get the false impression that software developers addressing the occasional reported issue means it will be secure.
For background on security and arbitrary code execution in CG software in general, see here:
https://www.security-assessment.com/files/documents/presentations/Hacking-Hollywood_Nick-Freeman_Ruxcon2011.pdf
(Also not speaking for the Blender Foundation)
Thinking what could be the solution could be here, since currently a blend file is basically a memory dump which has few validation checks on load.
Suggestion:
It would not be so hard to setup a fuzzer that uses existing Blend files in our test repository, injecting errors, which runs as part of a test, using tools such as ASAN / Valgrind to detect errors.
One area I think might end up being difficult to solve well is making sure partially loaded files don't have errors with invalid data - making sure versioning code can optionally perform these extra checks too.
Nevertheless - validating a blend file once it's loaded could be a first step, other issues could be handled on a case-by-case basis.
I agree it would be good to validate .blend file contents, in the generic ways that you mention it probably wouldn't add too much code complexity? The tricky part is the more complex data relations, mesh being the primary one for which we already have a validation function, but there's other ones which could be corrupted too (particles, curves, node trees, ..).
There's vulnerabilities after .blend file loading as well, if you can create a modifier setup that crashes for example, or can make a memory allocation fail in code that doesn't check if malloc returns
NULL
, ... .I think the security issues in image file loading are probably the important thing to fix first, since those are generally expected to be safe to load. Maybe updating to the latest library versions for all our dependencies. But note that for example even the latest OpenEXR release has issues too:
https://github.com/openexr/openexr/issues/232
Right, making data which doesn't crash but is logically invalid is a problem, although I'm not sure these are security issues.
AFAIK these could cause infinite loops or crash on NULL pointer access *. but aren't bugs that expose Blender to attacks.
* If it's indexed it could be used to exploit I'd imagine.
Right, what I mean is that invalid data that slips through .blend file loading could cause crashes later on, because the code generally assumes it to be valid and what happens when it isn't is unpredictable. And also technically valid data can cause problems.
For example an attacker could stuff executable code in mesh vertex coordinates (which can be arbitrary bits), and as a result all mesh processing code would need to be checked for buffer overflows, in modifiers, rendering, etc. I'm not sure what kind of severity such crashes would be assigned, but it's not obvious to me that they would be harder to exploit than the multires issue described in #52924#462765.
And to be a bit more explicit: if I had to guess, then I estimate that seriously securing Blender against these types of attacks would take at least 4 developers working full time for 2 years. Which is not an argument against addressing vulnerabilities, but just to give an idea of the cost.
Added subscriber: @blend-it
I thought that the main culprit was that we allow memory size be calculated without checks for integer overflows.
A way to fix is it to use a malloc function that accepts two args (how calloc() does it) and to make an integer mult function with boundary checks.
And: get a GSoC student to help with it :)
The reported vulnerabilities indeed are all based on cases where there is some overflow in computing the size for memory allocation, and which can be triggered by changing an integer in the file.
While it's fine to address issues raised in these reports - the errors found were using an automated tool, in some ways it's not so different from this kinds of reports (#18799 #39858) just more detailed.
Anyone looking could probably find as many buffer overrun bugs in blend file loading code (unterminated strings in the blend file for eg).
There are quite a few places that could be used for intentional stack smashing.
BLI_make_file_string
add_name
(makesdna.c)rna_ParticleTarget_name_get
While all kinds of security risks should be taken seriously, it seems odd only to bother fixing issues with CVE's, when other kinds of errors aren't hard to spot in the code.
Indeed, that's the point I was trying to make in #52924#469725. In my opinion there is nothing we can do to fundamentally improve .blend file loading security against these types of (difficult and somewhat unlikely) attacks in the short term. Ironically, if we had worse security and allowed executing embedded scripts on load by default as a feature, like other software, then these wouldn't really be vulnerabilities.
However there's some practical issues like FreeBSD giving build errors when a package version has open CVEs, and just the fact that it looks bad. For image files at least we can consider any known issues important to fix. So we might as well get the CVEs fixed for 2.79a I think.
@brecht the time you posted, I didn't realize these were found with an automatic detection method.
Some additional comments:
temp-openjpeg23
branch. Last time we looked into using the new library there was a conflict with OpenImageIO. Not sure if it's resolved now.oiio will build against openjpeg 2.x, however when updating the openjpeg in /extern we'll also have to update (atleast for windows) the oiio/openjpeg libs in svn so this upgrade will have to be coordinated with the platform teams.
The image related CVEs reported here are now fixed.
Our libpng, libjpeg and openexr versions also have open CVEs, and possibly other libraries. I've created D3005 for these image library updates, but I doubt we can get this done for 2.79a.
We now have fixes for the other vulnerabilities in .blend file loading ass well.
While the specific overflow issue may be fixed, loading the repro .blend files may still crash because they are incomplete and corrupt. The way they crash may be impossible to exploit, but this is difficult to prove. As already mentioned, making loading of malicious .blend files safe in general would be a huge project, so that was never going to happen in the short term.
Added subscriber: @antoniov
@brecht What I need to look for/change in greasepencil-object branch to apply these fixes?
As this branch was not part of your update patch, I would like to apply the fix before merge to 2.8 and avoid add new vulnerabilities when the merge will be done.
Merge with
blender2.8
as you were already doing, and useMEM_malloc_arrayN()
functions in new code. But note that we did not use these functions in all of Blender yet, just a few parts related to the reports. So even if the grease pencil code did not use them, that wouldn't make much difference.Added subscriber: @oxben
Was it done on purpose that the vulnerability fixes have been pushed to the branch blender-v2.79-release and not blender-v2.79a-release?
Added subscriber: @MarcClintDion
This comment was removed by @MarcClintDion
Thanks for catching that, fixed now.
Changed status from 'Open' to: 'Resolved'
All the known security issues has been fixed in Blender code, and are part of 2.79a release (which is currently at RC state).