[Home]

Summary:ASTERISK-24847: [security] [patch] tcptls: certificate CN NULL byte prefix bug
Reporter:Matt Jordan (mjordan)Labels:Security
Date Opened:2015-03-04 15:10:01.000-0600Date Closed:2015-04-08 10:55:51
Priority:MajorRegression?
Status:Closed/CompleteComponents:Channels/chan_sip/TCP-TLS
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) asterisk-null-in-cn.patch
Description:host{quote}
Hello,

Asterisk contain certificate common name NULL byte prefix bug in tcptls.c.
Specifically, if presented certificate has a Common Name of format "host.com\x00.somedomain.com" the certificate will
be accepted for host.com despite being issued for somedomain.com.

Attached is proposed patch (generated against asterisk-11.15.0).

Verified with SIP TLS transport - without the patch such certificates are accepted,
with the patch applied they are rejected due to CN length mismatch.

Best regards,
Maciej Szmigiero
{quote}
Comments:By: Matt Jordan (mjordan) 2015-03-04 15:15:25.886-0600

Note that the attached patch was written by Maciej Szmigiero.

By: Rusty Newton (rnewton) 2015-03-06 17:55:28.210-0600

Cool. Looks like he has a valid license agreement.

By: Jonathan Rose (jrose) 2015-03-24 14:41:47.682-0500

ASA-2015-003 has been added to the asa repository. Patches for all versions are there along with the odt security advisory document. A CVE and generated docs are still necessary.