Hi developers:
Recently we ran a large-scale static security analysis on several open source projects and found some mistakes in r-cran-rsclient_0.7-3. In @src/cli.c:146:
```c
static int tls_upgrade(rsconn_t *c) {
    SSL *ssl;
    SSL_CTX *ctx;
    if (first_tls)
        init_tls();
    ctx = SSL_CTX_new(SSLv23_client_method());
    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
    c->tls = ssl = SSL_new(ctx);
    c->send = tls_send;
    c->recv = tls_recv;
    SSL_set_fd(ssl, c->s);
    /* SSL_CTX_free(ctx) // check whether this is safe - it should be since ssl has the reference ... */
    return SSL_connect(ssl);
}
```
When the SSL connect finishes, you immediately start to execute read/write operations without verifying the certificate, which can lead to a MITM attack and cause leakage of sensitive data. We recommend you add a verify operation such as SSL_CTX_set_verify or SSL_get_peer_certificate to guarantee the security. We have sent the bug report to Ubuntu Launchpad, and are also informing you of it. Here is the link:
https://bugs.launchpad.net/ubuntu/+source/r-cran-rsclient/+bug/1677493