You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a server vends a 0-length certificate list, towards s2n as a client, it's possible to crash s2n when used as a client. Important note: in s2n, client mode is disabled and this issue is not trigger-able.
The crash occurs inside OpenSSL's RSA_size:
#0 0xb7e9c397 in RSA_size () from /root/s2n/s2n-master/lib/libs2n.so
#1 0xb7e84df9 in s2n_rsa_public_encrypted_size () from /root/s2n/s2n-master/lib/libs2n.so
#2 0xb7e788ef in s2n_client_key_send () from /root/s2n/s2n-master/lib/libs2n.so
#3 0xb7e7ac9e in s2n_negotiate () from /root/s2n/s2n-master/lib/libs2n.so
#4 0x08049b44 in echo ()
#5 0x080494d2 in main ()
This change modifies our server cert handling code to require at least
one certificate present in the certificate list (commonly called a
certificate chain).
Issue reported by Mikko at Codenomicon.
This change also updates our stub rsa code to be more wary of NULL pointers and
guard on behalf of OpenSSL.
Tests added:
s2n_malformed_handshake test has been added with 5 new tests:
A valid server certificate message
A server certificate message with a 0-length list
A server certificate message with a 0-length cert
A server certificate message with an oversized list
A server certificate message with an oversized cert
If a server vends a 0-length certificate list, towards s2n as a client, it's possible to crash s2n when used as a client. Important note: in s2n, client mode is disabled and this issue is not trigger-able.
The crash occurs inside OpenSSL's RSA_size:
Per https://github.com/openssl/openssl/blob/35a1cc90bc1795e8893c11e442790ee7f659fffb/crypto/rsa/rsa_crpt.c#L69 RSA_size() is referencing rsa->n, a bignum which in this case is empty.
What's happening is that we're never calling s2n_asn1der_to_rsa_public_key(), because size_of_all_certificates is 0, and so the inner while loop is never exercised. See https://github.com/awslabs/s2n/blob/e17fd1a4370ec96830cade867879fa07655130c8/tls/s2n_server_cert.c#L58
Issue reported by Mikko from Codenomicon.
The following patch fixes the issue and adds some additional checks in similar code-paths (though none are similarly vulnerable).
The text was updated successfully, but these errors were encountered: