Author: bebuild Date: Wed Apr 8 12:30:11 2015 New Revision: 434420 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=434420 Log: Merge changes for AST-2015-003
Modified: certified/tags/13.1-cert2/ (props changed) certified/tags/13.1-cert2/ChangeLog certified/tags/13.1-cert2/main/tcptls.c Propchange: certified/tags/13.1-cert2/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Apr 8 12:30:11 2015 @@ -1,1 +1,2 @@ /branches/13:429273,431153 +/certified/branches/13.1:434418 Modified: certified/tags/13.1-cert2/ChangeLog URL: http://svnview.digium.com/svn/asterisk/certified/tags/13.1-cert2/ChangeLog?view=diff&rev=434420&r1=434419&r2=434420 ============================================================================== --- certified/tags/13.1-cert2/ChangeLog (original) +++ certified/tags/13.1-cert2/ChangeLog Wed Apr 8 12:30:11 2015 @@ -1,3 +1,28 @@ +2015-04-08 Asterisk Development Team <asteriskt...@digium.com> + + * Certified Asterisk 13.1-cert2 Released. + + * Mitigate MitM attack potential from certificate with NULL byte in CN. + + When registering to a SIP server with TLS, Asterisk will accept CA + signed certificates with a common name that was signed for a domain + other than the one requested if it contains a null character in the + common name portion of the cert. This patch fixes that by checking + that the common name length matches the the length of the content we + actually read from the common name segment. Some certificate + authorities automatically sign CA requests when the requesting CN + isn't already taken, so an attacker could potentially register a CN + with something like www.google.com\x00www.secretlyevil.net and have + their certificate signed and Asterisk would accept that certificate + as though it had been for www.google.com. + + ASTERISK-24847 #close + Reported by: Maciej Szmigiero + patches: + asterisk-null-in-cn.patch uploaded by mhej (license 6085) + + AST-2015-003 + 2015-01-30 Asterisk Development Team <asteriskt...@digium.com> * Certified Asterisk 13.1-cert1 Released. Modified: certified/tags/13.1-cert2/main/tcptls.c URL: http://svnview.digium.com/svn/asterisk/certified/tags/13.1-cert2/main/tcptls.c?view=diff&rev=434420&r1=434419&r2=434420 ============================================================================== --- certified/tags/13.1-cert2/main/tcptls.c (original) +++ certified/tags/13.1-cert2/main/tcptls.c Wed Apr 8 12:30:11 2015 @@ -640,9 +640,15 @@ break; } str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos)); - ASN1_STRING_to_UTF8(&str2, str); + ret = ASN1_STRING_to_UTF8(&str2, str); + if (ret < 0) { + continue; + } + if (str2) { - if (!strcasecmp(tcptls_session->parent->hostname, (char *) str2)) { + if (strlen((char *) str2) != ret) { + ast_log(LOG_WARNING, "Invalid certificate common name length (contains NULL bytes?)\n"); + } else if (!strcasecmp(tcptls_session->parent->hostname, (char *) str2)) { found = 1; } ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", tcptls_session->parent->hostname, str2); -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits