Open
Bug 1210782
Opened 9 years ago
Updated 2 years ago
Malformed Client Key Exchange messages are accepted (Handshake.length)
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: hkario, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20150922120153

Steps to reproduce:

Client sends a Client Key Exchange message during RSA key exchange in which the Handshake.length field doesn't match the EncryptedPreMasterSecret.length field.

Automated reproducer:

mkdir nssdb
certutil -N -d sql:nssdb/ --empty-password
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch
openssl pkcs12 -export -out cert.p12 -passout pass: -inkey localhost.key -name localhost -keypbe DES-EDE3-CBC -macalg SHA1 -in localhost.crt
pk12util -i cert.p12 -d sql:nssdb/ -W ''
./selfserv -n localhost -d sql:nssdb/ -p 4433 -V ssl3:

in different console:

pip install --pre tlslite-ng
git clone https://github.com/tomato42/tlsfuzzer.git
cd tlsfuzzer
PYTHONPATH=. python scripts/test-truncating-of-kRSA-client-key-exchange.py

Actual results:

The server didn't send an Alert message

Expected results:

Server should have sent a decode_error message:

RFC 5246:
A server MUST accept ClientHello messages both with and without the extensions field, and (as for all other messages) it MUST check that the amount of data in the message precisely matches one of these formats; if not, then it MUST send a fatal "decode_error" alert.
Updated•7 years ago
Priority: -- → P3
Updated•2 years ago
Severity: normal → S3
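
The length check the report asks for, as an added example that is not NSS code and not part of the original report: the server compares Handshake.length with EncryptedPreMasterSecret.length and answers a mismatch with decode_error. The function names, return codes and the zero-filled sample messages are hypothetical, and the TLS 1.0+ encoding of the RSA ClientKeyExchange (2-byte vector length before the ciphertext) is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ALERT_DECODE_ERROR 50   /* AlertDescription decode_error, RFC 5246 */
#define CKE_OK              0
#define CKE_NEED_MORE     (-1)  /* header promises more bytes than buffered */

/* Check one RSA ClientKeyExchange, TLS 1.0+ encoding (assumption):
 * msg_type(1) | Handshake.length(3) | EncryptedPreMasterSecret.length(2) | data
 * The caller has already dispatched on msg_type. Returns CKE_OK and sets
 * epms and epms_len, or the alert description to send as a fatal alert. */
int check_rsa_cke(const uint8_t *msg, size_t avail,
                  const uint8_t **epms, size_t *epms_len)
{
    if (avail < 4)
        return CKE_NEED_MORE;
    size_t hs_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (avail - 4 < hs_len)
        return CKE_NEED_MORE;
    if (hs_len < 2)                 /* no room for the 2-byte vector length */
        return ALERT_DECODE_ERROR;
    size_t inner = ((size_t)msg[4] << 8) | msg[5];
    if (inner != hs_len - 2)        /* vector must fill the body exactly */
        return ALERT_DECODE_ERROR;
    *epms = msg + 6;
    *epms_len = inner;
    return CKE_OK;
}

/* Constructed sample: the header claims hs_len, the vector claims inner_len,
 * the body is zero-filled. out must hold 4 + hs_len bytes. */
size_t build_cke(uint8_t *out, size_t hs_len, size_t inner_len)
{
    memset(out, 0, 4 + hs_len);
    out[0] = 16;                    /* HandshakeType client_key_exchange */
    out[1] = (uint8_t)(hs_len >> 16);
    out[2] = (uint8_t)(hs_len >> 8);
    out[3] = (uint8_t)hs_len;
    if (hs_len >= 2) {
        out[4] = (uint8_t)(inner_len >> 8);
        out[5] = (uint8_t)inner_len;
    }
    return 4 + hs_len;
}

/* Build a constructed sample (hs_len <= 512) and return the verdict. */
int verdict_for(size_t hs_len, size_t inner_len)
{
    uint8_t buf[4 + 512]; const uint8_t *p; size_t n;
    return check_rsa_cke(buf, build_cke(buf, hs_len, inner_len), &p, &n);
}
```

With a 2048-bit RSA key the well-formed case is Handshake.length 258 and EncryptedPreMasterSecret.length 256; a body that is one byte short or one byte long for the declared vector length yields decode_error.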