Daniel Stenberg wrote: > Hey > > I just spotted this: > > http://article.gmane.org/gmane.linux.mandrake.security.announce/2077 > > ... which refers to the CVE number for the NSS flaw in the same style > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408) but I was > still a bit surprised since I've not seen any public patch posts here. > Or did I miss that? What did the Mandriva guys apply? I couldn't find > their patch.
The CVE link 404s for me. Is it the NUL character issue? That was fixed in the mainline development repository with changeset 2d8c76a23e7d; I made some modifications to it in a follow-up changeset f2d2ca32fd1b. I've attached a diff that combines them both. (The exploit addressed by this fix is described at https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike) -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer. Maintainer of GNU Wget and GNU Teseq http://micah.cowan.name/
diff -r 606f9637368b src/ChangeLog --- a/src/ChangeLog Mon Aug 17 20:47:05 2009 -0700 +++ b/src/ChangeLog Fri Aug 21 17:44:24 2009 -0700 @@ -1,3 +1,14 @@ +2009-08-19 Micah Cowan <[email protected]> + + * openssl.c (ssl_check_certificate): Only warn about an attack if + the hostname would otherwise have matched. Also some formatting + cleanup. + +2009-08-19 Joao Ferreira <[email protected]> + + * openssl.c (ssl_check_certificate): Detect embedded NUL + characters in the SSL certificate common name. + 2009-08-17 Tony Lewis <[email protected]> * http.c (gethttp): Ensure that we parse Content-Length before we diff -r 606f9637368b src/openssl.c --- a/src/openssl.c Mon Aug 17 20:47:05 2009 -0700 +++ b/src/openssl.c Fri Aug 21 17:44:24 2009 -0700 @@ -569,9 +569,11 @@ - Ensure that ASN1 strings from the certificate are encoded as UTF-8 which can be meaningfully compared to HOST. */ + X509_NAME *xname = X509_get_subject_name(cert); common_name[0] = '\0'; - X509_NAME_get_text_by_NID (X509_get_subject_name (cert), - NID_commonName, common_name, sizeof (common_name)); + X509_NAME_get_text_by_NID (xname, NID_commonName, common_name, + sizeof (common_name)); + if (!pattern_match (common_name, host)) { logprintf (LOG_NOTQUIET, _("\ @@ -579,6 +581,41 @@ severity, quote (common_name), quote (host)); success = false; } + else + { + /* We now determine the length of the ASN1 string. If it differs from + * common_name's length, then there is a \0 before the string terminates. + * This can be an instance of a null-prefix attack. + * + * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike + * */ + + int i = -1, j; + X509_NAME_ENTRY *xentry; + ASN1_STRING *sdata; + + if (xname) { + for (;;) + { + j = X509_NAME_get_index_by_NID (xname, NID_commonName, i); + if (j == -1) break; + i = j; + } + } + + xentry = X509_NAME_get_entry(xname,i); + sdata = X509_NAME_ENTRY_get_data(xentry); + if (strlen (common_name) != ASN1_STRING_length (sdata)) + { + logprintf (LOG_NOTQUIET, _("\ +%s: certificate common name is invalid (contains a NUL character).\n\ +This may be an indication that the host is not who it claims to be\n\ +(that is, it is not the real %s).\n"), + severity, quote (host)); + success = false; + } + } + if (success) DEBUGP (("X509 certificate successfully verified and matches host %s\n",
