Summary: | ASTERISK-24847: [security] [patch] tcptls: certificate CN NULL byte prefix bug | ||
Reporter: | Matt Jordan (mjordan) | Labels: | Security |
Date Opened: | 2015-03-04 15:10:01.000-0600 | Date Closed: | 2015-04-08 10:55:51 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_sip/TCP-TLS |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) asterisk-null-in-cn.patch | |
Description: | host{quote}
Hello, Asterisk contain certificate common name NULL byte prefix bug in tcptls.c. Specifically, if presented certificate has a Common Name of format "host.com\x00.somedomain.com" the certificate will be accepted for host.com despite being issued for somedomain.com. Attached is proposed patch (generated against asterisk-11.15.0). Verified with SIP TLS transport - without the patch such certificates are accepted, with the patch applied they are rejected due to CN length mismatch. Best regards, Maciej Szmigiero {quote} | ||
Comments: | By: Matt Jordan (mjordan) 2015-03-04 15:15:25.886-0600 Note that the attached patch was written by Maciej Szmigiero. By: Rusty Newton (rnewton) 2015-03-06 17:55:28.210-0600 Cool. Looks like he has a valid license agreement. By: Jonathan Rose (jrose) 2015-03-24 14:41:47.682-0500 ASA-2015-003 has been added to the asa repository. Patches for all versions are there along with the odt security advisory document. A CVE and generated docs are still necessary. |