Closed Bug 1212915 Opened 9 years ago Closed 1 year ago

client hello with malformed session id is accepted

Categories

(NSS :: Libraries, defect, P3)

3.20

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: hkario, Assigned: lschwarz)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20150930122139

Steps to reproduce:

Send Client Hello to server with session_id 33 bytes long.

Automated reproducer:
mkdir nssdb
certutil -N -d sql:nssdb/ --empty-password
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch
openssl pkcs12 -export -out cert.p12 -passout pass: -inkey localhost.key -name localhost -keypbe DES-EDE3-CBC -macalg SHA1 -in localhost.crt
pk12util -i cert.p12 -d sql:nssdb/ -W ''
./selfserv -n localhost -d sql:nssdb/ -p 4433 -V ssl3:

In a different console:
pip install --pre tlslite-ng
git clone https://github.com/tomato42/tlsfuzzer.git
cd tlsfuzzer
PYTHONPATH=. python scripts/test-invalid-session-id.py


Actual results:

Server responds with Server Hello.


Expected results:

Server should abort connection.

In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is defined as

      opaque SessionID<0..32>;

That means that any SessionID longer than 32 bytes is an incorrectly formatted Client Hello message and, as such, should be rejected.
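
The range check described in the report above, as an added C sketch; it is not part of the original report, not NSS code, and not the patch attached to this bug. The function names, status codes and sample builder are hypothetical, and the sample ClientHello bodies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RANDOM_LEN     32
#define SESSION_ID_MAX 32 /* opaque SessionID<0..32>; */

/* Hypothetical result codes for this sketch (not NSS identifiers). */
typedef enum { CH_OK, CH_TRUNCATED, CH_SID_TOO_LONG } ch_status;

/* body: ClientHello body (the bytes after the 4-byte handshake header).
 * On CH_OK, *sid_len is the session_id length and *next the offset of
 * cipher_suites; any other status means the handshake is aborted. */
ch_status check_session_id(const uint8_t *body, size_t len,
                           size_t *sid_len, size_t *next)
{
    size_t off = 2 + RANDOM_LEN; /* client_version + random */
    if (len < off + 1)
        return CH_TRUNCATED;
    size_t n = body[off++];
    /* One length byte can encode 0..255, but the vector's ceiling is 32:
     * enforce the declared range, not what the prefix can hold. */
    if (n > SESSION_ID_MAX)
        return CH_SID_TOO_LONG;
    if (len - off < n) /* claimed length runs past the message */
        return CH_TRUNCATED;
    *sid_len = n;
    *next = off + n;
    return CH_OK;
}

/* Constructed sample: version 3.3, zero random, sid_bytes bytes of session_id
 * announced as sid_len_byte, one suite. out must hold 39 + sid_bytes bytes. */
size_t build_sample(uint8_t *out, uint8_t sid_len_byte, size_t sid_bytes)
{
    size_t off = 0;
    out[off++] = 0x03; out[off++] = 0x03;
    memset(out + off, 0, RANDOM_LEN); off += RANDOM_LEN;
    out[off++] = sid_len_byte;
    memset(out + off, 0xAA, sid_bytes); off += sid_bytes;
    out[off++] = 0x00; out[off++] = 0x02; /* cipher_suites length */
    out[off++] = 0x00; out[off++] = 0x2f; /* TLS_RSA_WITH_AES_128_CBC_SHA */
    return off;
}

int main(void)
{
    uint8_t buf[512]; size_t n = 0, next = 0;
    size_t len = build_sample(buf, 33, 33); /* the case from this report */
    return check_session_id(buf, len, &n, &next) == CH_SID_TOO_LONG ? 0 : 1;
}
```

The range check runs before the bounds check, so an oversized length byte is reported as out of range even when the message is also too short to contain it.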
Priority: -- → P3
Assignee: nobody → lschwarz
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Severity: normal → S3

There's an r+ patch which didn't land and no activity in this bug for 2 weeks.
:lschwarz, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.

Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)
Resolution: --- → FIXED