Package: libesmtp5
Version: 1.0.3-1

[I made several attempts to report the following to the upstream authors
and the relevant mailing list since February, but I did not get a
response, so I'm reporting this here.]

I think I found a flaw in libesmtp-1.0.3r1, file smtp-tls.c: The
function match_domain() is used to match a host name against
subjectAltNames of type DNS or against the Common Name of a certificate.
It calls match_component() to match the components of a FQDN.

match_component() will accept two strings as equal if they start equal
but don't have equal length. For example,
match_domain("mail.example.com", "mailhub.example.com") and
match_domain("mail.somewhere.com", "mail.somewhere-else.com")
return 1, not 0.
The following patch fixes that:

--- smtp-tls.c.orig     2005-02-04 01:54:43.033106064 +0100
+++ smtp-tls.c  2005-02-04 01:56:50.984654472 +0100
@@ -439,16 +439,24 @@
 match_component (const char *dom, const char *edom,
                  const char *ref, const char *eref)
 {
+  int wildcard = 0;
+  
   while (dom < edom && ref < eref)
     {
       /* Accept a final '*' in the reference as a wildcard */
       if (*ref == '*' && ref + 1 == eref)
-        break;
+       {
+          wildcard = 1;
+          break;
+       }
       /* compare the domain name case insensitive */
       if (!(*dom == *ref || tolower (*dom) == tolower (*ref)))
         return 0;
       ref++, dom++;
     }
+  if (!wildcard && (dom < edom || ref < eref))
+    return 0;
+
   return 1;
 }
 
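Review bot: the wildcard branch could simply `return 1;` instead of setting a flag and breaking out of the loop; that removes the `wildcard` variable and lets the post-loop check become an unconditional `if (dom < edom || ref < eref) return 0;`, which reads more clearly as "both sides must be fully consumed". As written, the added braces around the wildcard case are indented with 7 spaces while the surrounding code uses 8 and the inner lines 10, so the block does not line up with the rest of the function. One behavioural corner worth stating as intended: with an empty `dom` component (dom == edom) against a reference of just `*`, the loop never runs, `wildcard` stays 0 and the new check rejects, whereas the old code accepted.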
Security implication:
Let the certificate of smtp.somewhere-else.com contain a subjectAltName
of type DNS with the content smtp.somewhere-else.com (the host's name).
If a user wants to contact smtp.somewhere.com, but can be tricked into
contacting smtp.somewhere-else.com instead, he won't notice the
difference even when TLS is active, because the check of
"smtp.somewhere.com" against the certificate's subjectAltName
"smtp.somewhere-else.com" returns ok.
This is probably not a big issue because anyone can create a certificate
containing an arbitrary subjectAltName. But the owner of
smtp.somewhere-else.com might get their certificate (that rightfully
contains a subjectAltName of "smtp.somewhere-else.com") signed by a
trusted CA, so that libesmtp fully trusts smtp.somewhere-else.com when
it should not.

Martin
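The following stand-alone C program is an added example, not code from this report or from libesmtp itself. It places the pre-patch component matcher beside the patched one, drives both through a hypothetical `match_domain_with()` that splits names on '.' and compares them label by label (a simplification written for this example; libesmtp's real match_domain() is not reproduced here), and shows that the prefix cases from the report are rejected only by the patched version while exact, case-insensitive and leading-wildcard matches still succeed.

```c
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef int (*component_matcher) (const char *dom, const char *edom,
                                  const char *ref, const char *eref);

/* Pre-patch behaviour: the loop stops as soon as either side is exhausted,
   so a reference that merely starts with the domain component is accepted. */
static int
match_component_old (const char *dom, const char *edom,
                     const char *ref, const char *eref)
{
  while (dom < edom && ref < eref)
    {
      /* Accept a final '*' in the reference as a wildcard */
      if (*ref == '*' && ref + 1 == eref)
        break;
      /* compare the domain name case insensitive */
      if (!(*dom == *ref
            || tolower ((unsigned char) *dom) == tolower ((unsigned char) *ref)))
        return 0;
      ref++, dom++;
    }
  return 1;
}

/* Patched behaviour: unless a trailing wildcard was seen, both the domain
   component and the reference component must have been consumed in full. */
static int
match_component_new (const char *dom, const char *edom,
                     const char *ref, const char *eref)
{
  int wildcard = 0;

  while (dom < edom && ref < eref)
    {
      if (*ref == '*' && ref + 1 == eref)
        {
          wildcard = 1;
          break;
        }
      if (!(*dom == *ref
            || tolower ((unsigned char) *dom) == tolower ((unsigned char) *ref)))
        return 0;
      ref++, dom++;
    }
  if (!wildcard && (dom < edom || ref < eref))
    return 0;
  return 1;
}

/* Hypothetical driver (assumption, not libesmtp's match_domain): split both
   names on '.', compare label by label with the given matcher, and require
   the same number of labels on both sides. */
static int
match_domain_with (component_matcher match, const char *dom, const char *ref)
{
  for (;;)
    {
      const char *edom = strchr (dom, '.');
      const char *eref = strchr (ref, '.');
      if (edom == NULL) edom = dom + strlen (dom);
      if (eref == NULL) eref = ref + strlen (ref);
      if (!match (dom, edom, ref, eref))
        return 0;
      if (*edom == '\0' && *eref == '\0')
        return 1;                 /* both names fully consumed */
      if (*edom == '\0' || *eref == '\0')
        return 0;                 /* different number of labels */
      dom = edom + 1;
      ref = eref + 1;
    }
}

int match_domain_old (const char *dom, const char *ref)
{ return match_domain_with (match_component_old, dom, ref); }

int match_domain_new (const char *dom, const char *ref)
{ return match_domain_with (match_component_new, dom, ref); }

int main (void)
{
  /* Constructed sample inputs, taken from the cases described in the report. */
  printf ("old: mail.example.com vs mailhub.example.com -> %d\n",
          match_domain_old ("mail.example.com", "mailhub.example.com"));
  printf ("new: mail.example.com vs mailhub.example.com -> %d\n",
          match_domain_new ("mail.example.com", "mailhub.example.com"));
  printf ("new: mail.somewhere.com vs mail.somewhere-else.com -> %d\n",
          match_domain_new ("mail.somewhere.com", "mail.somewhere-else.com"));
  printf ("new: mail.example.com vs *.example.com -> %d\n",
          match_domain_new ("mail.example.com", "*.example.com"));
  return 0;
}
```

Both matchers keep the `tolower()` cast to `unsigned char`, which the C standard requires for non-ASCII bytes; the patch itself passes a plain `char`, which is a separate, pre-existing nit.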

