2002/08/11 04:27:41
authormegacz <megacz@xwt.org>
Fri, 30 Jan 2004 06:50:00 +0000 (06:50 +0000)
committermegacz <megacz@xwt.org>
Fri, 30 Jan 2004 06:50:00 +0000 (06:50 +0000)
darcs-hash:20040130065000-2ba56-04fdf4b842e54ecfb50480cfabb723c4ac6bef58.gz

CHANGES
src/org/xwt/TinySSL.java

diff --git a/CHANGES b/CHANGES
index 9321416..789bb78 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
 10-Aug megacz HTML.java, html.xwt: fixed HTML widget to handle unclosed <li> tags
 
+10-Aug megacz TinySSL.java: fixed vulnerability to Mike Benham's attack
+
+
 
index 9c9d017..a68cfe9 100644 (file)
@@ -1,4 +1,4 @@
-// Copyright (C) 2001 Adam Megacz <adam@xwt.org> all rights reserved.
+// Copyright (C) 2002 Adam Megacz <adam@xwt.org> all rights reserved.
 //
 // You may modify, copy, and redistribute this code under the terms of
 // the GNU Library Public License version 2.1, with the exception of
@@ -31,6 +31,9 @@ import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
 import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.xwt.util.Log;
 import java.net.*;
 import java.io.*;
@@ -81,6 +84,9 @@ import java.text.*;
    1.02 27-Mar-02  Fixed a bug which would hang the connection when more than one
                    Handshake message appeared in the same TLS Record
 
+   1.03 10-Aug-02  Fixed a vulnerability outlined at
+                   http://online.securityfocus.com/archive/1/286290
+
 */
 
 public class TinySSL extends Socket {
@@ -90,7 +96,7 @@ public class TinySSL extends Socket {
     public static void main(String[] args) {
         Log.on = true;
         try {
-            Socket s = new TinySSL("www.verisign.com", 443);
+            Socket s = new TinySSL("www.paypal.com", 443);
             PrintWriter pw = new PrintWriter(s.getOutputStream());
             BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
             pw.println("GET / HTTP/1.0");
@@ -393,8 +399,21 @@ public class TinySSL extends Socket {
 
                             Log.log(this, "server cert (name, validity dates) checks out okay");
                             
-                        } else if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
-                            throw new SSLException("the server sent a broken chain of certificates");
+                        } else {
+
+                            // don't check the top cert since some very old root certs lack a BasicConstraints field.
+                            if (certlen + 3 + i < numcertbytes) {
+                                // defend against Mike Benham's attack
+                                X509Extension basicConstraints = this_cert.getTBSCertificate().getExtensions().getExtension(X509Extensions.BasicConstraints);
+                                if (basicConstraints == null) throw new SSLException("certificate did not contain a basic constraints block");
+                                DERInputStream dis = new DERInputStream(new ByteArrayInputStream(basicConstraints.getValue().getOctets()));
+                                BasicConstraints bc = new BasicConstraints((DERConstructedSequence)dis.readObject());
+                                if (!bc.isCA()) throw new SSLException("non-CA certificate used for signing");
+                            }
+
+                            if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
+                                throw new SSLException("the server sent a broken chain of certificates");
+                        }
 
                         last_cert = this_cert;
                         i += certlen + 3;
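Review bot: The BasicConstraints check is skipped for whichever certificate comes last in the server-supplied list (`certlen + 3 + i < numcertbytes`), and the peer chooses that position, not the client. The exemption is only safe if the code after this loop (outside the hunk) requires that last certificate to match a locally stored trust anchor rather than merely be signed by one; if it does not, the CA flag should be enforced on every certificate used to verify another, exempting only certificates found in the local root store. Separately, `getExtensions()` may return null for a certificate that carries no extensions at all, which would surface as a NullPointerException rather than an SSLException; I would guard it with `X509Extensions exts = this_cert.getTBSCertificate().getExtensions(); if (exts == null) throw new SSLException("certificate did not contain a basic constraints block");`. The path-length constraint carried in `bc` is also not checked here. The enclosing method starts and ends outside the hunk.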