Author: tille Date: 2012-12-07 08:30:03 +0000 (Fri, 07 Dec 2012) New Revision: 16374
Modified: trunk/axis/debian/changelog trunk/axis/debian/patches/06-fix-CVE-2012-5784.patch Log: Really fix CVE-2012-5784 (Closes: #692650) Modified: trunk/axis/debian/changelog =================================================================== --- trunk/axis/debian/changelog 2012-12-05 22:13:39 UTC (rev 16373) +++ trunk/axis/debian/changelog 2012-12-07 08:30:03 UTC (rev 16374) @@ -1,3 +1,12 @@ +axis (1.4-16.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix CVE-2012-5784 (Closes: #692650) + * Fix CN extraction from DN of X500 principal. + * Fix wildcard validation on ssl connections + + -- Alberto Fernández Martínez <[email protected]> Thu, 6 Dec 2012 14:28:00 +0100 + axis (1.4-16.1) unstable; urgency=low * Non-maintainer upload. Modified: trunk/axis/debian/patches/06-fix-CVE-2012-5784.patch =================================================================== --- trunk/axis/debian/patches/06-fix-CVE-2012-5784.patch 2012-12-05 22:13:39 UTC (rev 16373) +++ trunk/axis/debian/patches/06-fix-CVE-2012-5784.patch 2012-12-07 08:30:03 UTC (rev 16374) @@ -1,25 +1,33 @@ -Description: Validates the hostname requested is the same in the certificate in ssl-connections - Fixes CVE-2012-5784, validates hostname certificate in SSL connections. - Backported from http-client 4, and from Apache Synapse (plus some bugfixes). +Description: Fixed CN extraction from DN of X500 principal and wildcard validation -Author: Alberto Fernandez <[email protected]> -Bug-Debian: http://bugs.debian.org/692650 -Forwarded: no + axis (1.4-16.2) unstable; urgency=low + * Fixed CN extraction from DN of X500 principal and wildcard validation +Author: Alberto Fernández Martínez <[email protected]> + +Origin: other +Bug-Debian: http://bugs.debian.org/692650 +Forwarded: https://issues.apache.org/jira/browse/AXIS-2883 +Last-Update: <2012-12-06> + --- axis-1.4.orig/src/org/apache/axis/components/net/JSSESocketFactory.java +++ axis-1.4/src/org/apache/axis/components/net/JSSESocketFactory.java -@@ -19,6 +19,8 @@ import org.apache.axis.utils.Messages; - import org.apache.axis.utils.XMLUtils; - import org.apache.axis.utils.StringUtils; +@@ -15,12 +15,6 @@ + */ + package org.apache.axis.components.net; -+import javax.net.ssl.SSLException; -+import javax.net.ssl.SSLSession; - import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; +-import org.apache.axis.utils.Messages; +-import org.apache.axis.utils.XMLUtils; +-import org.apache.axis.utils.StringUtils; +- +-import javax.net.ssl.SSLSocket; +-import javax.net.ssl.SSLSocketFactory; import java.io.BufferedWriter; -@@ -28,7 +30,15 @@ import java.io.OutputStream; + import java.io.IOException; + import java.io.InputStream; +@@ -28,7 +22,27 @@ import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.PrintWriter; import java.net.Socket; @@ -32,10 +40,22 @@ +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; ++import java.util.Locale; ++import java.util.StringTokenizer; ++import java.util.regex.Pattern; ++ ++import javax.net.ssl.SSLException; ++import javax.net.ssl.SSLSession; ++import javax.net.ssl.SSLSocket; ++import javax.net.ssl.SSLSocketFactory; ++ ++import org.apache.axis.utils.Messages; ++import org.apache.axis.utils.StringUtils; ++import org.apache.axis.utils.XMLUtils; /** -@@ -41,6 +51,10 @@ import java.util.Hashtable; +@@ -41,6 +55,10 @@ import java.util.Hashtable; */ public class JSSESocketFactory extends DefaultSocketFactory implements SecureSocketFactory { @@ -46,7 +66,7 @@ /** Field sslFactory */ protected SSLSocketFactory sslFactory = null; -@@ -187,6 +201,255 @@ public class JSSESocketFactory extends D +@@ -187,6 +205,260 @@ public class JSSESocketFactory extends D if (log.isDebugEnabled()) { log.debug(Messages.getMessage("createdSSL00")); } @@ -104,7 +124,7 @@ + } + + Certificate[] certs = session.getPeerCertificates(); -+ verifyHostName(host.trim().toLowerCase(), (X509Certificate) certs[0]); ++ verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]); + } + /** + * Extract the names from the certificate and tests host matches one of them @@ -121,7 +141,7 @@ + + String cn = getCN(cert); + String[] subjectAlts = getDNSSubjectAlts(cert); -+ verifyHostName(host, cn.toLowerCase(), subjectAlts); ++ verifyHostName(host, cn.toLowerCase(Locale.US), subjectAlts); + + } + @@ -174,7 +194,7 @@ + for (int i = 0; i < subjectAlts.length; i++){ + String name = subjectAlts[i]; + if (name != null) { -+ name = name.toLowerCase(); ++ name = name.toLowerCase(Locale.US); + if (verifyHostName(host, name)){ + return; + } @@ -191,44 +211,41 @@ + } + + private static boolean verifyHostName(final String host, final String cn){ -+ if (doWildCard(cn)) { ++ if (doWildCard(cn) && !isIPAddress(host)) { + return matchesWildCard(cn, host); + } -+ return host.equalsIgnoreCase(cn); ++ return host.equalsIgnoreCase(cn); + } + private static boolean doWildCard(String cn) { + // Contains a wildcard + // wildcard in the first block + // not an ipaddress (ip addres must explicitily be equal) + // not using 2nd level common tld : ex: not for *.co.uk -+ return -+ cn.indexOf("*.")>=0 && -+ cn.indexOf('.') > cn.indexOf("*.") && -+ !isIPAddress(cn) && -+ acceptableCountryWildcard(cn); ++ String parts[] = cn.split("\\."); ++ return parts.length >= 3 && ++ parts[0].endsWith("*") && ++ acceptableCountryWildcard(cn) && ++ !isIPAddress(cn); + } + -+ private static boolean isIPAddress(final String cn) { -+ // IPv6 -+ if (cn.contains(":")) { -+ return true; -+ } -+ // IPb4 -+ boolean isIP4 = true; -+ String tld = cn; -+ int x = cn.lastIndexOf('.'); -+ // We only bother analyzing the characters after the final dot -+ // in the name. -+ if (x >= 0 && x + 1 < cn.length()) { -+ tld = cn.substring(x + 1); -+ } -+ for (int i = 0; i < tld.length(); i++) { -+ if (!Character.isDigit(tld.charAt(0))) { -+ isIP4 = false; -+ break; -+ } -+ } -+ return isIP4; ++ private static final Pattern IPV4_PATTERN = ++ Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$"); ++ ++ private static final Pattern IPV6_STD_PATTERN = ++ Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$"); ++ ++ private static final Pattern IPV6_HEX_COMPRESSED_PATTERN = ++ Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$"); ++ ++ ++ private static boolean isIPAddress(final String hostname) { ++ return hostname != null ++ && ( ++ IPV4_PATTERN.matcher(hostname).matches() ++ || IPV6_STD_PATTERN.matcher(hostname).matches() ++ || IPV6_HEX_COMPRESSED_PATTERN.matcher(hostname).matches() ++ ); ++ + } + + private static boolean acceptableCountryWildcard(final String cn) { @@ -251,14 +268,15 @@ + final String hostName) { + String parts[] = cn.split("\\."); + boolean match = false; -+ if (parts[0].length() > 1) { ++ String firstpart = parts[0]; ++ if (firstpart.length() > 1) { + // server∗ -+ String prefix = parts[0].substring(0, parts[0].length() - 2); + // e.g. server -+ String suffix = cn.substring(parts[0].length()); ++ String prefix = firstpart.substring(0, firstpart.length() - 1); + // skipwildcard part from cn -+ String hostSuffix = hostName.substring(prefix.length()); ++ String suffix = cn.substring(firstpart.length()); + // skip wildcard part from host ++ String hostSuffix = hostName.substring(prefix.length()); + match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix); + } else { + match = hostName.endsWith(cn.substring(1)); @@ -281,6 +299,7 @@ + return dots; + } + ++ + private static String getCN(X509Certificate cert) { + // Note: toString() seems to do a better job than getName() + // @@ -290,15 +309,21 @@ + // whereas toString() gives me this: + // [email protected] + String subjectPrincipal = cert.getSubjectX500Principal().toString(); -+ int x = subjectPrincipal.indexOf("CN="); -+ if (x >= 0) { -+ int y = subjectPrincipal.indexOf(',', x); -+ // If there are no more commas, then CN= is the last entry. -+ y = (y >= 0) ? y : subjectPrincipal.length(); -+ return subjectPrincipal.substring(x + 3, y); -+ } else { -+ return null; ++ ++ return getCN(subjectPrincipal); ++ ++ } ++ private static String getCN(String subjectPrincipal) { ++ StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); ++ while(st.hasMoreTokens()) { ++ String tok = st.nextToken().trim(); ++ if (tok.length() > 3) { ++ if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { ++ return tok.substring(3); ++ } ++ } + } ++ return null; + } + } _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
