Author christian.heimes
Recipients christian.heimes
Date 2013-08-12.11:32:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1376307172.38.0.0558370001214.issue18709@psf.upfronthosting.co.za>
In-reply-to
Content
Ryan Sleevi of the Google Chrome Security Team has informed us that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. It's related to Ruby's CVE-2013-4073 http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

Although Python uses a slightly different OpenSSL API to parse a X.509 certificate and turn its fields into a dictionary, our implementation eventually uses an OpenSSL function that fails to handle NULL bytes. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate's subjectAltName's dNSName general names.

When the Ruby issues was announced publicly I already suspected that our code may suffer from the same issue. But I was unable to generate a X.509 certificate with a NULL byte in its X509v3 subjectAltName extension, only in subject and issuer. OpenSSL's config file format just didn't support NULL bytes. But Our code handled the NULL byte in subject in issuer just fine so I gave up. In the light of the bug report I went a different path and eventually I came up with a malicious certificate that showed the reported bug.
History
Date User Action Args
2013-08-12 11:32:52christian.heimessetrecipients: + christian.heimes
2013-08-12 11:32:52christian.heimessetmessageid: <1376307172.38.0.0558370001214.issue18709@psf.upfronthosting.co.za>
2013-08-12 11:32:52christian.heimeslinkissue18709 messages
2013-08-12 11:32:51christian.heimescreate