negan07 / ancistrus

Netgear's D7000 Nighthawk Router Experience Distributed Project
https://negan07.github.io/ancistrus/
GNU General Public License v2.0

Google Chrome can not access Admin Page 192.168.0.1 due to Nulls in Header #50

Closed m0lz closed 5 years ago

m0lz commented 5 years ago

Anyone using Chromium (Google Chrome, or other derivatives) version 72 (or above) can not access a D7000 Admin page. If you type 192.168.0.1 in the URL Bar of Chrome, you will get an error page which reads "ERR_INVALID_HTTP_RESPONSE".

Firmware version installed = D7000_V1.0.1.70_1.0.1

See the following topics for reference ..

https://bugs.chromium.org/p/chromium/issues/detail?id=929170

https://bugs.chromium.org/p/chromium/issues/detail?id=927364

https://community.netgear.com/t5/DSL-Modems-Routers/GOOGLE-CHROME-ERROR-PAGE-DUE-TO-NULLS-IN-HEADER-OF-ROUTER/m-p/1701839#M26062

Example of NULLs being returned causing the issue ..

```
HTTP/1.1 401 Unauthorized
Set-Cookie: <not including this here, though it's just a session token>
Server:
Date: Thu, 07 Feb 2019 04:56:14 GMT
WWW-Authenticate: Basic realm="NETGEAR D7000"
Content-Type: text/html
Content-Language: en-US,en;q=0.9
X-Frame-Options: SAMEORIGIN

9 X-XSS-Protection: 1;mode=block
X-Content-Type-Options: nosniff
Connection: close
```

Because the NULL characters are non-spec, Google Chromium project developers will not fix the issue (which would necessitate reverting Chrome to accepting NULLs), because from Google's point of view they are not only non-spec, they are also a potential security risk. Netgear have now declared end of life on the D7000v1 and will also not fix the issue with the official firmware. It's possible also that other browsers (Edge, Firefox) will follow suit in not allowing NULLs to be accepted, so in future the D7000 can only be supported by the Netgear Genie, which is not Linux compatible (I think anyway), and woefully inadequate for advanced use.

Could you please take a look at this issue and possibly fix it? See comments 26 and 42 for pointers on what to fix, here: https://bugs.chromium.org/p/chromium/issues/detail?id=927364

And see comment 44, which closes the issue on Chromium as a "Wont Fix".

negan07 commented 5 years ago

the problem resides in the mini_httpd headers string creation code

https://acme.com/software/mini_httpd/

all the routers with this web server daemon are affected, I think

the problem is that netgear uses a very old and customized version of it named 1.17beta1; the latest is 1.30

in the latest version add_headers() is different: the piece of code involved above has been removed, but this doesn't mean it fixes the issue

bumping the version will break all the readycloud, readyshare, parental control & genie support without the necessary patches

m0lz commented 5 years ago

I sent an email to someone at the mini_httpd project, and the response was ..

"Thanks for the report! I was not aware there were NULs in the headers, that definitely sounds like a bug. I'll take a look soon."

So keep an eye out for updates to mini_httpd I reckon :)

negan07 commented 5 years ago

maybe found the bug...

There was an error in Netgear's addition to the add_headers() function code: the length of the buffer was not updated in the headers involved above, causing the issues.

mini_httpd_null_headers_malformed_fix.zip

this package fixes the problem

package available as mini_httpd-1.17beta1-072.ipk

`opkg update && opkg install mini_httpd`

or through the web gui package manager (install or upgrade packages)

Tried with chromium pc & android mobile 72.0.3626.121: access is full after login.

At this point I don't think there are nulls in the headers of the original mini_httpd code.
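
The stale-length pattern described in the comment above, as an added example that is not part of the original thread and is not Netgear's or mini_httpd's code. The names `append_response`, `build_headers` and `first_nul` are hypothetical, and the two header values are taken from the response quoted earlier in the issue.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a header builder: one scratch buffer is reused for
 * every header line and appended to the response with an explicit length. */
static char resp[1024];
static size_t resp_len;

static void append_response(const char *s, size_t n) {
    if (resp_len + n > sizeof resp) return;   /* drop rather than overflow */
    memcpy(resp + resp_len, s, n);
    resp_len += n;
}

/* fixed == 0: the second header is sent with the first header's length.
 * fixed == 1: the length is taken from each snprintf() call.
 * The literals are short, so snprintf() never truncates into buf here. */
static size_t build_headers(int fixed) {
    char buf[128];
    int buflen;

    resp_len = 0;
    buflen = snprintf(buf, sizeof buf, "Content-Language: %s\r\n", "en-US,en;q=0.9");
    append_response(buf, (size_t)buflen);

    if (fixed)
        buflen = snprintf(buf, sizeof buf, "X-Frame-Options: %s\r\n", "SAMEORIGIN");
    else  /* buflen not updated: terminator and old tail of buf are sent too */
        snprintf(buf, sizeof buf, "X-Frame-Options: %s\r\n", "SAMEORIGIN");
    append_response(buf, (size_t)buflen);

    append_response("\r\n", 2);
    return resp_len;
}

/* Offset of the first NUL byte in a header block, or -1 if there is none. */
static long first_nul(const char *p, size_t n) {
    const char *hit = memchr(p, '\0', n);
    return hit ? (long)(hit - p) : -1;
}

int main(void) {
    size_t n = build_headers(0);
    printf("stale length:   %zu bytes, first NUL at %ld\n", n, first_nul(resp, n));
    n = build_headers(1);
    printf("updated length: %zu bytes, first NUL at %ld\n", n, first_nul(resp, n));
    return 0;
}
```

Running `first_nul` over a captured header block from any embedded web server is a quick way to check whether it will be rejected by a browser that refuses NULs in headers.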

m0lz commented 5 years ago

I'm using the official 1.0.1.70_1.0.1 firmware image from Netgear available here https://www.netgear.com/support/product/D7000.aspx#Firmware%20Version%201.0.1.70

The patch you have linked in a zip, I do not know how to use it, but if the fix comes out in a firmware image I am willing to test - If it's a case of you have too much on though and want to do other things before providing any firmware image I will keep popping in to check periodically for updates.

Good to see the label "Fixed" though :) .. If it's working with chromium 72.0.3626.121 that is proof positive the fix works.

Thank you very much for looking into it, dedicated programmers with the knowledge to solve the issues left behind ought to be paid by Netgear, a full time wage.

negan07 commented 5 years ago

fix confirmed also on chromium ipk mobile

package available as mini_httpd-1.17beta1-072.ipk

`opkg update && opkg install mini_httpd`

or through the web gui package manager (install or upgrade packages)

blanchg commented 5 years ago

Thank you! I can confirm this works, I had to manually kill the mini_httpd process as `rc http stop` didn't work

negan07 commented 5 years ago

sorry

`rc httpd stop`

anyway package available as mini_httpd-1.17beta1-072.ipk

`opkg update && opkg install mini_httpd`

or through the web gui package manager (install or upgrade packages)

Andreash67 commented 5 years ago

Apologies for the newbie question, but would someone explain the process of applying the patch to the firmware for the D7000, please?

negan07 commented 5 years ago

if not done yet, enter the console and download then execute startup.sh

https://negan07.github.io/ancistrus/

then install the fixed package with:

`opkg update && opkg install mini_httpd`

penlanone commented 5 years ago

Can anyone advise on the following:

```
Installing essential packages: zlib openssl curl ancistrus-core utelnetd opkg
Downloading https://raw.githubusercontent.com/negan07/ancistrus/gh-pages/ancistrus-arm-D7000/Packages.gz.
/etc/opkg: can't resolve symbol 'SSL_CTX_set_next_proto_select_cb'
Collected errors:
 * opkg_prepare_url_for_install: Couldn't find anything to satisfy 'zlib'.
zlib installation failed: check repository urls on /etc/opkg.conf
```

`more opkg.conf`

```
src/gz ancistrus-arm-D7000 https://raw.githubusercontent.com/negan07/ancistrus/gh-pages/ancistrus-arm-D7000
src/gz debug https://raw.githubusercontent.com/negan07/ancistrus/gh-pages/debug
src/gz local file:///mnt/shares/U/local
src/gz localdebug https://192.168.0.7/localdebug
arch armD7000 1
arch arm 6
arch all 11
arch any 16
arch noarch 21
dest root /
dest ram /tmp
option autoremove 1
option tmp_dir /tmp
option lock_file /tmp/opkg/run
option cache_dir /tmp/opkg/cache
option lists_dir /tmp/opkg/lists
```

many thanks.

negan07 commented 5 years ago

it's an openssl version mismatch

which fw version are you starting with ?

penlanone commented 5 years ago

V1.0.1.70_1.0.1

negan07 commented 5 years ago

retry again from a clean reinstalled fw version

penlanone commented 5 years ago

Perfect, thanks! Yes, ssl was hanging on my first try. I reinstalled a fresh fw, the script completed without error, then `opkg update && opkg install mini_httpd`. Excellent - no more Chrome errors! ;)

negan07 commented 5 years ago

the first try you made failed because the script was inadequately adapted to partition info/status creation

it was a long-standing bug, only discovered now

now startup.sh has been fixed

m0lz commented 5 years ago

negan .. Huuuuge thank you 👍

I have just installed the Firmware image build #552 ( https://github.com/negan07/ancistrus/releases )

Had to use MS Edge to update the Firmware .. But now I have no problems accessing 192.168.0.1 with Chromium Version 72.0.3626.121 (Official Build) (64-bit).

Screenshot - https://i.imgur.com/4yoRkWH.png

And so many new options I have no clue about - I think I need to restrain myself from clicking too many things until I have some idea about all the capabilities therein :)

One final question : On the Ancistrus / Core setup / Service Inhibitions - Is the Telnet Daemon on by default on these routers (it's something I have never had access to before, and noticed it is ticked enabled by default after installing this firmware, so wonder if that has always been the case even before installing your firmware) ?. I have turned that off for now, as it's something I will not use personally and I have a feeling that makes the router more secure if it's disabled, which is desirable in my case.

Edit: PS that closes the issue as far as I am concerned - Thank you very much for your help giving this superb router a few more years life. Will be checking in here and using any future builds and hope to offer more useful info for the project.

Edit 2: The Release file Build #552 was named D7000-V1.0.1.68_1.0.1-ancistrus_negan07-build-552.zip. It's no problem as the content of the zip is correct, but ought to be named D7000-V1.0.1.70_1.0.1-ancistrus_negan07-build-552.zip

negan07 commented 5 years ago

> negan .. Huuuuge thank you 👍
>
> I have just installed the Firmware image build #552 ( https://github.com/negan07/ancistrus/releases )
>
> Had to use MS Edge to update the Firmware .. But now I have no problems accessing 192.168.0.1 with Chromium Version 72.0.3626.121 (Official Build) (64-bit).
>
> Screenshot - https://i.imgur.com/4yoRkWH.png
>
> And so many new options I have no clue about - I think I need to restrain myself from clicking too many things until I have some idea about all the capabilities therein :)

Have a read of the wiki board to understand all the options and packages before usage, and note that the web gui option names link every option to the related wiki paragraph.

> One final question : On the Ancistrus / Core setup / Service Inhibitions - Is the Telnet Daemon on by default on these routers (it's something I have never had access to before, and noticed it is ticked enabled by default after installing this firmware, so wonder if that has always been the case even before installing your firmware) ?. I have turned that off for now, as it's something I will not use personally and I have a feeling that makes the router more secure if it's disabled, which is desirable in my case.

It can be disabled if you plan to use the web gui only or an ssh client as console terminal.

The choice was to enable the telnet console as default because initially there wasn't a web GUI project addition and the only way to install/remove/interact with the new modifications was the terminal console.

Now it's possible to use telnet or ssh/scp with the openssh package and the more intuitive web gui.

Anyway, for security reasons telnet remote access is disabled because the external login would be unencrypted and exposed to traffic loggers, while it's possible to set up a more secure ssh remote console login.

> Edit: PS that closes the issue as far as I am concerned - Thank you very much for your help giving this superb router a few more years life. Will be checking in here and using any future builds and hope to offer more useful info for the project.
>
> Edit 2: The Release file Build #552 was named D7000-V1.0.1.68_1.0.1-ancistrus_negan07-build-552.zip. It's no problem as the content of the zip is correct, but ought to be named D7000-V1.0.1.70_1.0.1-ancistrus_negan07-build-552.zip

Sorry, my mistake

Also the previous monolithic version zip pack was badly named, now both corrected, thanks for the notification.

m0lz commented 5 years ago

:) Thanks again, now that I know what the inhibits do they are a very welcome addition, some nice options there. For now I have inhibited Netgears xCloud because I will never use it.

m0lz commented 5 years ago

@negan07 I know this is closed and you may never read it again, but if you do I would just like to say I have now updated again to #592 and continue to be amazed at the superb unpaid work you are doing here.

Also note, with the official netgear firmware my family used to occasionally experience what seemed to be the router locking up. It used to happen maybe once every couple of weeks, or sometimes it would be a few months before it happened, but when it happened we needed to restart the router to clear the issue.

We have not experienced that issue at all since starting using your firmware updates, and regularly we can have up to 16 devices connected by WIFI plus a WIFI extender upstairs.

You have clearly fixed a lot more underlying issues with this firmware, that we would not have received from Netgear.

Many thanks again, it's very much appreciated :).

negan07 commented 5 years ago

> I know this is closed and you may never read it again

notifications are still active for this but the problem seems to be fixed

I don't know if the other problems mentioned are firmware related but the monolithic has a deflated size and resource usage on average and will help adding more features in the future