On 2009-07-30 19:04 PDT, Howard Chu wrote:

> As far as I can see, CERT_VerifyCertName() is still vulnerable to the
> embedded NUL hack that was recently published here
> http://www.wired.com/threatlevel/2009/07/kaminsky/ and on slashdot. Yet
> some comments in the discussion say that Firefox 3.5 is not vulnerable.
> Does anyone know on what basis those comments were made?

Yes.

> More to the point, CERT_GetCommonName() just returns a bare char *,
> instead of returning the string data+length, which makes it impossible
> for the default verifiers to detect this attack. I've had to copy the
> guts of CERT_GetLastNameElement() into our own code so that the length
> info isn't discarded.

CERT_GetCommonName, and all the other similar functions that return elements
of a subject name or issuer name, now return a zstring that is properly
escaped according to RFC 4514.  So, a name with a NULL in it will appear
as something like  www.mybank.com\00*.badguy.org

There's no need to use explicit lengths with that scheme.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to