
curl and libcurl

Tracker: Bugs

Wildcard cert name checking and null termination - ID: 2829955
Last Update: Comment added ( bagder )

There's a new wildcard cert attack made public here:
http://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/

I took a pass over the name matching code, and unless something in openssl
or the code that gets at the subject names is somehow immune, the matching
logic seems to be vulnerable. If not, feel free to close.

If a fix is needed, I think it will require capturing the actual length of
the subject name to match with rather than relying on null terminated
strings. I couldn't actually follow the current code very well, so I'm
going to keep looking at it.


Submitted: Scott Cantor ( scantor ) - 2009-07-30 22:27

Priority: 5
Status: Closed
Resolution: Fixed
Assigned: Daniel Stenberg
Category: SSL/TLS
Group: bad behaviour
Visibility: Public
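The report above describes the bug class in words only. As an added illustration (not curl's code, and not the fix committed to CVS), the following C program puts the C-string comparison pattern the report worries about beside a length-aware one, feeding both a constructed subject name that carries an embedded NUL byte as OpenSSL's ASN1_STRING would hand it over (data pointer plus explicit length). The function names, the one-label wildcard rule and the sample host names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Vulnerable pattern: the subject name is treated as a C string, so
   everything after an embedded NUL byte is silently ignored. The
   length the ASN.1 parser reported is never consulted. */
int match_ctype(const char *host, const unsigned char *cn)
{
    return strcasecmp(host, (const char *)cn) == 0;
}

/* Hardened pattern: the parser's explicit length is authoritative.
   A name holding a NUL before its declared end is malformed and never
   matches; otherwise all cnlen bytes take part in the comparison.
   A leading "*." is accepted as a wildcard for exactly one label
   (an illustrative rule for this example, not curl's full policy). */
int match_len(const char *host, const unsigned char *cn, size_t cnlen)
{
    if (memchr(cn, '\0', cnlen) != NULL)        /* embedded NUL: reject */
        return 0;
    if (cnlen > 2 && cn[0] == '*' && cn[1] == '.') {
        const char *dot = strchr(host, '.');    /* skip host's first label */
        if (dot == NULL || dot == host)
            return 0;
        host = dot;                             /* both now start at '.' */
        cn += 1;
        cnlen -= 1;
    }
    return strlen(host) == cnlen &&
           strncasecmp(host, (const char *)cn, cnlen) == 0;
}

int main(void)
{
    /* Constructed malicious CN: "www.bank.example" + NUL + ".attacker.example",
       34 bytes as the ASN.1 parser would report them. */
    static const unsigned char evil[] = "www.bank.example\0.attacker.example";
    size_t evil_len = sizeof(evil) - 1;

    printf("C-string match:     %d\n", match_ctype("www.bank.example", evil));
    printf("length-aware match: %d\n", match_len("www.bank.example", evil, evil_len));
    return 0;
}
```

The C-string comparison accepts the forged name because it stops at the NUL; the length-aware check rejects it, and still handles plain and wildcard names.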


Comment ( 1 )

Date: 2009-08-01 21:57
Sender: bagder (Project Admin)

Thanks for the report, this problem is now fixed in CVS!



Changes ( 5 )

Field           Old Value   Date                By
status_id       Open        2009-08-01 21:57    bagder
resolution_id   None        2009-08-01 21:57    bagder
is_private      1           2009-08-01 21:57    bagder
allow_comments  1           2009-08-01 21:57    bagder
close_date      -           2009-08-01 21:57    bagder