[Bug 890510] New: serf handling of NUL bytes in fields of an X.509 cert
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c0 Summary: serf handling of NUL bytes in fields of an X.509 cert Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0
Deal with NUL bytes in fields of an X.509 cert.
* buckets/ssl_buckets.c: (pstrdup_escape_nul_bytes, get_subject_alt_names, validate_cert_hostname): New functions. (validate_server_certificate): Use validate_cert_hostname() to return SERF_SSL_CERT_INVALID_HOST if CommonName or SubjectAltNames include a NUL byte. (convert_X509_NAME_to_table): Use pstrdup_escape_nul_bytes() to escape NUL bytes before adding fields to the hash table. (serf_ssl_cert_certificate): Replace some code with a call to get_subject_alt_names() where we factored out the code to.
* serf_bucket_types.h (SERF_SSL_CERT_INVALID_HOST): New error.
Reads like this may similar to CVE-2009-2408, e.g. \0 bytes in certificates would allow MITM attacks. CWE-297?
openssl x509 -in test/certs/servercert_cnsan_nul.pem -text -noout [...] Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.example.net\x00.example.com [...]
Change will be part of serf 1.3.7 scheduled for 2014-08-11. openSUSE 13.1: libserf-1-1 (serf) 1.3.6 openSUSE 12.3: libserf-1-0 (serf) 1.1.1 Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2014-3504 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c3 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium --- Comment #3 from Swamp Workflow Management <swamp@suse.de> 2014-08-06 22:00:13 UTC --- bugbot adjusting priority -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c4 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |security-team@suse.de, | |tchvatal@suse.com, | |vcizek@suse.com AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de --- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-10 18:46:55 UTC --- Preparing updates for openSUSE just now... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c5 --- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-10 19:08:04 UTC --- Created an attachment (id=601796) --> (http://bugzilla.novell.com/attachment.cgi?id=601796) patch against 1.1.1 (openSUSE 12.3) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c6 --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-08-11 22:00:57 CEST --- This is an autogenerated message for OBS integration: This bug (890510) was mentioned in https://build.opensuse.org/request/show/244258 13.1+12.3 / libserf+subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:2957:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2957:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2014-08-23 00:04:56 UTC --- openSUSE-SU-2014:1059-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 889849,890510,890511 CVE References: CVE-2014-3504,CVE-2014-3522,CVE-2014-3528 Sources used: openSUSE 13.1 (src): libserf-1.3.7-16.1, subversion-1.8.10-2.29.1 openSUSE 12.3 (src): libserf-1.1.1-2.4.1, subversion-1.7.18-2.36.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=890510 https://bugzilla.novell.com/show_bug.cgi?id=890510#c9 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED CC| |meissner@suse.com Resolution| |FIXED --- Comment #9 from Marcus Meissner <meissner@suse.com> 2014-09-09 11:51:51 UTC --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com