Bugs item #2829955, was opened at 2009-07-31 00:27
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2829955&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: bad behaviour
>Status: Closed
>Resolution: Fixed
Priority: 5
>Private: No
Submitted By: Scott Cantor (scantor)
Assigned to: Daniel Stenberg (bagder)
Summary: Wildcard cert name checking and null termination

Initial Comment:
There's a new wildcard cert attack made public here:
http://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/

I took a pass over the name matching code, and unless something in openssl or the code that gets at the subject names is somehow immune, the matching logic seems to be vulnerable. If not, feel free to close.

If a fix is needed, I think it will require capturing the actual length of the subject name to match with rather than relying on null terminated strings. I couldn't actually follow the current code very well, so I'm going to keep looking at it.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-08-01 23:57

Message:
Thanks for the report, this problem is now fixed in CVS!

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2829955&group_id=976
Received on 2009-08-01