gnutls-commit

[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_3-7-gd3dada


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_3-7-gd3dada3
Date: Thu, 05 May 2011 20:35:06 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=d3dada39f12351abc04f22743fa9c892dcf06276

The branch, gnutls_2_12_x has been updated
       via  d3dada39f12351abc04f22743fa9c892dcf06276 (commit)
       via  777aa2927b7d9238e505fd2cfc0e616cce60f9e8 (commit)
      from  83ff33e7fdc369b8d4030f78633a6e279c51425f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d3dada39f12351abc04f22743fa9c892dcf06276
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu May 5 22:31:05 2011 +0200

    _gnutls_hostname_compare() was incredibly slow when over ten wildcards were 
present. Set a limit of 6 wildcards to avoid any denial of service attack. 
Reported by Kalle Olavi Niemitalo.

commit 777aa2927b7d9238e505fd2cfc0e616cce60f9e8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu May 5 22:17:28 2011 +0200

    Use c_toupper to avoid converting characters not in the English ASCII set. 
Reported by Kalle Olavi Niemitalo.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                        |    3 +++
 THANKS                      |    1 +
 lib/gnutls_str.c            |   15 +++++++++++----
 lib/gnutls_str.h            |    2 +-
 lib/opencdk/misc.c          |    5 +++--
 lib/openpgp/pgp.c           |    2 +-
 lib/x509/rfc2818_hostname.c |    4 ++--
 7 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/NEWS b/NEWS
index 5cae3d4..2a925da 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
 ** libgnutls: Added gnutls_certificate_get_issuer() to
 compensate for the deprecated gnutls_certificate_get_x509_cas().
 
+** libgnutls: Limited allowed wildcards to gnutls_x509_crt_check_hostname()
+to prevent denial of service attacks.
+
 ** API and ABI modifications:
 gnutls_certificate_get_issuer: ADDED
 
diff --git a/THANKS b/THANKS
index 14eaca3..ef6cb28 100644
--- a/THANKS
+++ b/THANKS
@@ -112,6 +112,7 @@ Micah Anderson                      <micah [at] riseup.net>
 Michael Rommel                 <rommel [at] layer-7.net>
 Mark Brand                     <mabrand [at] mabrand.nl>
 Vitaly Kruglikov               <vitaly.kruglikov [at] palm.com>
+Kalle Olavi Niemitalo          <kon [at] iki.fi>
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index 4b6fc63..abdc733 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -28,6 +28,7 @@
 #include <gnutls_num.h>
 #include <gnutls_str.h>
 #include <stdarg.h>
+#include <c-ctype.h>
 
 /* These function are like strcat, strcpy. They only
  * do bound checking (they shouldn't cause buffer overruns),
@@ -520,14 +521,20 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, 
opaque * bin_data,
  * return 1 on success or 0 on error
  *
  * note: certnamesize is required as X509 certs can contain embedded NULs in
- * the strings such as CN or subjectAltName
+ * the strings such as CN or subjectAltName.
+ *
+ * @level: is used for recursion. Use 0 when you call this function.
  */
 int
 _gnutls_hostname_compare (const char *certname,
-                          size_t certnamesize, const char *hostname)
+                          size_t certnamesize, const char *hostname, int level)
 {
+
+  if (level > 5)
+    return 0;
+
   /* find the first different character */
-  for (; *certname && *hostname && toupper (*certname) == toupper (*hostname);
+  for (; *certname && *hostname && c_toupper (*certname) == c_toupper 
(*hostname);
        certname++, hostname++, certnamesize--)
     ;
 
@@ -545,7 +552,7 @@ _gnutls_hostname_compare (const char *certname,
       while (1)
         {
           /* Use a recursive call to allow multiple wildcards */
-          if (_gnutls_hostname_compare (certname, certnamesize, hostname))
+          if (_gnutls_hostname_compare (certname, certnamesize, hostname, 
level+1))
             return 1;
 
           /* wildcards are only allowed to match a single domain
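Review bot: The new `level > 5` guard at the top of _gnutls_hostname_compare bounds recursion depth but not work: each level still runs the `while (1)` loop and recurses once per hostname position, so a name such as `******.example.com` can cost on the order of label-length^6 comparisons before the cap stops it — fine for DNS-sized labels, but nothing in the hunk shows the hostname label being length-checked, so please confirm that bound holds. A cheaper fix that composes with the cap is to collapse a run of adjacent `*` into one before recursing, since (assuming, as the call-before-increment order suggests, a wildcard may match zero characters) `**` matches exactly what `*` matches. The limit should also be a named constant rather than a bare 5, e.g. `#define MAX_WILDCARD_LEVEL 5` next to `MAX_CN` in gnutls_str.h and `if (level > MAX_WILDCARD_LEVEL) return 0;`, and the `@level` comment should state that the compare fails (returns 0) once more than six wildcards are seen. The wildcard branch and the rest of the function continue past the end of this hunk.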
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index 1b92815..b315c48 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -91,7 +91,7 @@ int _gnutls_hex2bin (const opaque * hex_data, int hex_size, 
opaque * bin_data,
                      size_t * bin_size);
 
 int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
-                              const char *hostname);
+                              const char *hostname, int level);
 #define MAX_CN 256
 
 #define BUFFER_APPEND(b, x, s) { \
diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
index d6a89ae..d00aa95 100644
--- a/lib/opencdk/misc.c
+++ b/lib/opencdk/misc.c
@@ -29,6 +29,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <sys/stat.h>
+#include <c-ctype.h>
 
 #include "opencdk.h"
 #include "main.h"
@@ -113,10 +114,10 @@ _cdk_memistr (const char *buf, size_t buflen, const char 
*sub)
 
   for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--)
     {
-      if (toupper (*t) == toupper (*s))
+      if (c_toupper (*t) == c_toupper (*s))
         {
           for (buf = t++, buflen = n--, s++;
-               n && toupper (*t) == toupper ((byte) * s); t++, s++, n--)
+               n && c_toupper (*t) == c_toupper ((byte) * s); t++, s++, n--)
             ;
           if (!*s)
             return buf;
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 9549c41..16aa360 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -595,7 +595,7 @@ gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
              the terminating zero. */
           dnsnamesize--;
 
-          if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+          if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
             return 1;
         }
     }
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 46606fd..092f9f5 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -75,7 +75,7 @@ gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const 
char *hostname)
       if (ret == GNUTLS_SAN_DNSNAME)
         {
           found_dnsname = 1;
-          if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+          if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
             {
               return 1;
             }
@@ -95,7 +95,7 @@ gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const 
char *hostname)
           return 0;
         }
 
-      if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+      if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
         {
           return 1;
         }


hooks/post-receive
-- 
GNU gnutls


