Closed
Bug 1066190
(CVE-2014-1584)
Opened 10 years ago
Closed 10 years ago
if an unknown issuer error is encountered before pinning checks are done, pinning checks never happen
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
VERIFIED
FIXED
mozilla35
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Keywords: sec-moderate, Whiteboard: [adv-main33+])
Attachments
(1 file, 1 obsolete file)
|
7.71 KB,
patch
|
keeler
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
If a certificate's issuer can't be found, IsChainValid never gets called, which is where we do our pinning checks. As a result, a user can be presented with an overridable error on a site that should be pinned (i.e. we should display a pinning error and not allow an override).
STR:
1. run an https server with a self-signed cert
2. use /etc/hosts to redirect pinningtest.appspot.com to localhost
3. set pinning enforcement to "strict" (2)
4. visit https://pinningtest.appspot.com
expected results: pinning error page, not overridable
actual results: unknown issuer page, overridable
|
Assignee | |
Comment 1•10 years ago
|
||
I'm thinking it might be good to include some more testcases, but I wanted to at least get the fix written.
Attachment #8488092 -
Flags: review?(mmc)
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8488092 [details] [diff] [review]
patch
Review of attachment 8488092 [details] [diff] [review]:
-----------------------------------------------------------------
::: security/certverifier/CertVerifier.cpp
@@ +432,5 @@
> + if (srv != SECSuccess) {
> + return SECFailure;
> + }
> + certCopy.forget(); // now owned by certList
> + srv = chainValidationCallback(&callbackState, certList, &chainOK);
Does this mean we are now calling chainValidationCallback twice?
Attachment #8488092 -
Flags: review?(mmc) → review+
|
|
||
Updated•10 years ago
|
Blocks: CVE-2015-0832
|
|
Assignee | |
Comment 3•10 years ago
|
||
[Tracking Requested - why for this release]: this makes it way too easy to bypass our key pinning implementation. Note that the target of an attack using this will still see an untrusted certificate warning, but they'll be able to click through and add an exception, which is definitely not what we want to happen for sites that have pins.
status-firefox32:
--- → affected
status-firefox33:
--- → affected
status-firefox34:
--- → affected
status-firefox35:
--- → affected
tracking-firefox32:
--- → ?
tracking-firefox33:
--- → ?
tracking-firefox34:
--- → ?
Keywords: sec-moderate
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #2)
> Does this mean we are now calling chainValidationCallback twice?
Thanks for the review. Here's my analysis on calling the chain validation callback multiple times: If we did call it and it succeeded, we won't run this code, so that's fine. If we did call it and it failed, either the pinning checks failed or something catastrophic happened. If the pinning checks failed, we won't run this code again and in any case we'll report the correct error. If something catastrophic happened, it may or may not happen again, but in either case we won't return an overridable error. Otherwise, we didn't already call the validation callback, so it would be safe to call it.
|
|
||
Comment 5•10 years ago
|
||
That sounds fine to me.
|
|
Assignee | |
Comment 6•10 years ago
|
||
I added a couple of other tests to be more thorough. Not significantly different, though, so carrying over r+.
Attachment #8488092 -
Attachment is obsolete: true
Attachment #8488823 -
Flags: review+
|
||
Updated•10 years ago
|
tracking-firefox35:
--- → +
|
|
Assignee | |
Comment 7•10 years ago
|
||
This is only a sec-moderate, so:
https://tbpl.mozilla.org/?tree=Try&rev=0674b58e5972
https://hg.mozilla.org/integration/mozilla-inbound/rev/d02e70f0bf3d
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
|
|
Assignee | |
Comment 9•10 years ago
|
||
Comment on attachment 8488823 [details] [diff] [review]
patch v2
Approval Request Comment
[Feature/regressing bug #]: bug 744204 (preloaded key pinning)
[User impact if declined]: this provides an easy way to bypass key pinning checks (it still requires a user to add a certificate exception)
[Describe test coverage new/current, TBPL]: has both preexisting tests and new tests added with patch
[Risks and why]: minimal - at worse we could make some overridable errors non-overridable
[String/UUID change made/needed]: none (I actually checked the this time)
Attachment #8488823 -
Flags: approval-mozilla-beta?
Attachment #8488823 -
Flags: approval-mozilla-aurora?
|
|
||
Comment 10•10 years ago
|
||
We're very likely going to be releasing Firefox 32.0.2 this week. Do you want to make the case for this fix to ride along?
Flags: needinfo?(dkeeler)
|
|
Assignee | |
Comment 11•10 years ago
|
||
Given that we wontfix'd bug 1049095 (another pinning bypass) for 32, I don't think it's essential that we take this for 32 either (furthermore, while the patch for this bug applies cleanly to 33-35, I don't think it'll apply as cleanly to 32 (it would be possible to make a branch-specific patch, but still)).
Flags: needinfo?(dkeeler)
|
|
||
Comment 12•10 years ago
|
||
Thanks David. Based on comment 11, I'm marking 32 as won't fix.
|
||
Updated•10 years ago
|
Attachment #8488823 -
Flags: approval-mozilla-beta?
Attachment #8488823 -
Flags: approval-mozilla-beta+
Attachment #8488823 -
Flags: approval-mozilla-aurora?
Attachment #8488823 -
Flags: approval-mozilla-aurora+
|
||
Comment 13•10 years ago
|
||
|
||
Comment 14•10 years ago
|
||
IMO, there is a better, simpler, way to fix this: Simply don't allow cert error overrides for any pinned domains. That is what you've effectively done, almost, since most users of HPKP won't be inning their end-entity certificate's key.
|
||
Updated•10 years ago
|
Whiteboard: [adv-main33+]
|
|
||
Updated•10 years ago
|
Alias: CVE-2014-1584
|
||
Updated•10 years ago
|
status-firefox-esr31:
--- → unaffected
|
||
Comment 15•10 years ago
|
||
Reproduced the original issue using the following build:
- http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014-09-09-03-02-07-mozilla-central/
I followed the STR from comment #0 and received the "This Connection is Untrusted" page which was overridable even though pinning enforcement was set to strict(2)
Went through verification using the following builds:
- http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014-10-10-03-02-01-mozilla-central/ (changeset: 209717:50b689feab5f)
- http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2014-10-10-00-40-01-mozilla-aurora/ (changeset: 218224:72c13d8631ff)
- http://ftp.mozilla.org/pub/mozilla.org/firefox/candidates/33.0-candidates/build1/linux-x86_64/ (changeset: 218062:0e0dc4b23c13)
For each channel, I ensured that I received the following error message that was not overridable: (tested on normal/private and e10s windows)
"An error occurred during a connection to pinningtest.appspot.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. (Error code: mozilla_pkix_error_key_pinning_failure)"
Status: RESOLVED → VERIFIED
|
|
Assignee | |
Updated•10 years ago
|
Depends on: CVE-2015-2741
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•