kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-19 08:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge changes for AST-2015-003

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/tags/11.17.1@434387 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Asterisk Autobuilder
2015-04-08 16:54:33 +00:00
parent de635fb27f
commit b711f41d19
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ChangeLog
View File

@@ -1,3 +1,28 @@
2015-04-08 Asterisk Development Team <asteriskteam@digium.com>
* Asterisk 11.17.1 Released.
* Mitigate MitM attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA
signed certificates with a common name that was signed for a domain
other than the one requested if it contains a null character in the
common name portion of the cert. This patch fixes that by checking
that the common name length matches the the length of the content we
actually read from the common name segment. Some certificate
authorities automatically sign CA requests when the requesting CN
isn't already taken, so an attacker could potentially register a CN
with something like www.google.com\x00www.secretlyevil.net and have
their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com.
ASTERISK-24847 #close
Reported by: Maciej Szmigiero
patches:
asterisk-null-in-cn.patch uploaded by mhej (license 6085)
AST-2015-003
2015-04-01 Asterisk Development Team <asteriskteam@digium.com> 2015-04-01 Asterisk Development Team <asteriskteam@digium.com>
* Asterisk 11.17.0 Released. * Asterisk 11.17.0 Released.

10
main/tcptls.c
View File

@@ -639,9 +639,15 @@ static void *handle_tcptls_connection(void *data)
break; break;
} }
str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos)); str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
ASN1_STRING_to_UTF8(&str2, str); ret = ASN1_STRING_to_UTF8(&str2, str);
if (ret < 0) {
continue;
}
if (str2) { if (str2) {
if (!strcasecmp(tcptls_session->parent->hostname, (char *) str2)) { if (strlen((char *) str2) != ret) {
ast_log(LOG_WARNING, "Invalid certificate common name length (contains NULL bytes?)\n");
} else if (!strcasecmp(tcptls_session->parent->hostname, (char *) str2)) {
found = 1; found = 1;
} }
ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", tcptls_session->parent->hostname, str2); ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", tcptls_session->parent->hostname, str2);