#850 Wildcard cert name checking and null termination

closed-fixed
SSL/TLS (31)
5
2013-06-21
2009-07-30
Scott Cantor
No

There's a new wildcard cert attack made public here:
http://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/

I took a pass over the name matching code, and unless something in openssl or the code that gets at the subject names is somehow immune, the matching logic seems to be vulnerable. If not, feel free to close.

If a fix is needed, I think it will require capturing the actual length of the subject name to match with rather than relying on null terminated strings. I couldn't actually follow the current code very well, so I'm going to keep looking at it.

Discussion

  • Thanks for the report, this problem is now fixed in CVS!

     
    • status: open --> closed-fixed