Closed
Bug 1212915
Opened 9 years ago
Closed 1 year ago
client hello with malformed session id is accepted
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: hkario, Assigned: lschwarz)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20150930122139

Steps to reproduce:

Send Client Hello to server with session_id 33 bytes long.

Automated reproducer:

    mkdir nssdb
    certutil -N -d sql:nssdb/ --empty-password
    openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch
    openssl pkcs12 -export -out cert.p12 -passout pass: -inkey localhost.key -name localhost -keypbe DES-EDE3-CBC -macalg SHA1 -in localhost.crt
    pk12util -i cert.p12 -d sql:nssdb/ -W ''
    ./selfserv -n localhost -d sql:nssdb/ -p 4433 -V ssl3:

in different console:

    pip install --pre tlslite-ng
    git clone https://github.com/tomato42/tlsfuzzer.git
    cd tlsfuzzer
    PYTHONPATH=. python scripts/test-invalid-session-id.py

Actual results:

server responds with Server Hello

Expected results:

Server should abort connection.

In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is defined as

    opaque SessionID<0..32>;

that means that any SessionID longer than 32 bytes is an incorrectly formatted Client Hello message, and as such, should be rejected.
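The length check the report asks for, as an added example that is not part of the original report and is not NSS code: a parser for the start of a ClientHello body that rejects a session_id length above 32 before it looks at the bytes. The function names, status codes and sample input are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_MAX 32 /* opaque SessionID<0..32> */
enum ch_status { CH_OK = 0, CH_TRUNCATED = -1, CH_BAD_SESSION_ID = -2 };

/* Parse a ClientHello body (the bytes after the 4-byte handshake header)
 * up to and including session_id. Hypothetical names, not NSS's. */
static enum ch_status
parse_hello_session_id(const uint8_t *body, size_t len,
                       const uint8_t **sid, size_t *sid_len)
{
    size_t off = 2 + 32, n; /* client_version (2) + random (32) */
    if (len < off + 1)
        return CH_TRUNCATED;
    n = body[off++];
    /* The length byte can encode 0..255 but only 0..32 is valid: reject
     * here, even when all of the announced bytes are actually present. */
    if (n > SESSION_ID_MAX)
        return CH_BAD_SESSION_ID;
    if (len - off < n)
        return CH_TRUNCATED;
    *sid = body + off; *sid_len = n;
    return CH_OK;
}

/* Constructed sample input: version 3.3, zero random, sid_len bytes 0xAB. */
static size_t
build_hello_prefix(uint8_t *out, size_t cap, uint8_t sid_len)
{
    size_t total = 2 + 32 + 1 + (size_t)sid_len;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 0x03; out[1] = 0x03; out[34] = sid_len;
    memset(out + 35, 0xAB, sid_len);
    return total;
}

int main(void)
{
    uint8_t buf[300]; const uint8_t *sid; size_t n;
    for (unsigned l = 31; l <= 33; l++)
        printf("session_id length %u -> %d\n", l, parse_hello_session_id(
               buf, build_hello_prefix(buf, sizeof buf, (uint8_t)l), &sid, &n));
    return 0;
}
```

A server receiving CH_BAD_SESSION_ID would abort the handshake instead of replying with a Server Hello.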
Updated•7 years ago
Priority: -- → P3
Updated•2 years ago
Assignee: nobody → lschwarz
Updated•2 years ago
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 1•2 years ago
Depends on D147675
Updated•2 years ago
Severity: normal → S3
Comment 2•2 years ago
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lschwarz, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.
Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)
Comment 3•1 year ago
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(lschwarz)
Flags: needinfo?(djackson)
Resolution: --- → FIXED