Bug #9644

ssl hostname verification security bug: verify_certificate_identity wildcard matching allows to much

Added by Steffen Ullrich about 1 year ago. Updated about 1 month ago.

[ruby-core:61545]
Status:Closed
Priority:High
Assignee:Martin Bosslet
ruby -v:1.9, 2.0, 2.1 Backport:1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE

Description

Hi,
I'm not a ruby developer but the maintainer of the IO::Socket::SSL module in Perl. While comparing the state of the SSL implementations in various languages I've noticed, that your validation of the hostname inside the certificate is wrong regarding wildcards.

According to the RFC2818 (http) or RFC6125 (includes http and others) only the leftmost part of the name specification might contain a wildcard, e.g *.foo.bar is allowed, but not www.*.foo.bar or even www.*.*.*. Unfortunatly the implementation of verify_certificate_identity in openssl/ssl.rb (or openssl/ssl-internal.rb in older versions) does a global substitution of * with [^.]+ and thus allows wildcards anywhere and also multiple wildcards. I've verified my assumption with a certificate for www.*.foo.*, which got successfully verified against www.bar.foo.org or www.foobar.foo.bar on ruby 1.9.1. And, from looking at the code the current ruby version has the same problem.

Also, from reading the code I understand that you use the same hostname verification for SMTP, IMAP and POP too. But the verification schemes for these protocols differ from http (see RFC2595 for SMTP, RFC4642 for IMAP and POP):

  • while http allows something like www*.example.com the other protocols only allow *.example.com, e.g. the the wildcard must fully replace the leftmost part of the hostname.
  • while with http one should not check the common name if subject alternative names exist (and you've implemented it this way), with the other protocols one check common name too.

Regards,
Steffen

CVE-2015-1855.patch Magnifier (12.5 KB) Antonio Terceiro, 04/28/2015 12:35 AM

Associated revisions

Revision 50292
Added by Tomoyuki Chikanaga about 2 months ago

  • ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [Bug #9644]
  • test/openssl/test_ssl.rb: add tests for above.

Revision 50293
Added by Tomoyuki Chikanaga about 2 months ago

merge revision(s) 50292: [Backport #9644]

* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification
  following RFC 6125. with the patch provided by Tony Arcieri and
  Hiroshi Nakamura  [Bug #9644]

* test/openssl/test_ssl.rb: add tests for above.

Revision 50294
Added by Usaku NAKAMURA about 2 months ago

merge revision(s) 50292: [Backport #9644]

* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification
  following RFC 6125. with the patch provided by Tony Arcieri and
  Hiroshi Nakamura  [Bug #9644]

* test/openssl/test_ssl.rb: add tests for above.

Revision 50296
Added by Usaku NAKAMURA about 2 months ago

merge revision(s) 50292: [Backport #9644]

* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification
  following RFC 6125. with the patch provided by Tony Arcieri and
  Hiroshi Nakamura  [Bug #9644]

* test/openssl/test_ssl.rb: add tests for above.

History

#1 Updated by Nobuyoshi Nakada about 1 year ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED
  • Description updated (diff)
  • Category set to ext/openssl
  • Status changed from Open to Assigned
  • Assignee set to Martin Bosslet
  • Priority changed from Normal to High
  • Target version set to current: 2.2.0

Seems no wildcard tests.

#3 Updated by Tomoyuki Chikanaga about 2 months ago

  • % Done changed from 0 to 100
  • Status changed from Assigned to Closed

Applied in changeset r50292.


  • ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [Bug #9644]
  • test/openssl/test_ssl.rb: add tests for above.

#4 Updated by Tomoyuki Chikanaga about 2 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE

Backported into ruby_2_2 branch at r50293.

#5 Updated by Usaku NAKAMURA about 2 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE to 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE

ruby_2_0_0 r50294 merged revision(s) 50292.

#6 Updated by Antonio Terceiro about 1 month ago

Hi,

I was able to backport the patch to Ruby 1.9.3, and it will be included in a Debian wheezy security update soon. I am attaching the patch here.

Also available in: Atom PDF