From fea7c3bad0cb940fdbf609bb30b14f3ea3328e46 Mon Sep 17 00:00:00 2001
From: megacz
Date: Fri, 30 Jan 2004 06:50:00 +0000
Subject: [PATCH] 2002/08/11 04:27:41 darcs-hash:20040130065000-2ba56-04fdf4b842e54ecfb50480cfabb723c4ac6bef58.gz
---
 CHANGES | 3 +++
 src/org/xwt/TinySSL.java | 27 +++++++++++++++++++++++----
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 9321416..789bb78 100644
--- a/CHANGES
+++ b/CHANGES
@@ -360,4 +360,7 @@ 10-Aug megacz HTML.java, html.xwt: fixed HTML widget to handle unclosed
  • tags
+10-Aug megacz TinySSL.java: fixed vulnerability to Mike Benham's attack
+
+
diff --git a/src/org/xwt/TinySSL.java b/src/org/xwt/TinySSL.java
index 9c9d017..a68cfe9 100644
--- a/src/org/xwt/TinySSL.java
+++ b/src/org/xwt/TinySSL.java
@@ -1,4 +1,4 @@
-// Copyright (C) 2001 Adam Megacz all rights reserved.
+// Copyright (C) 2002 Adam Megacz all rights reserved.
 //
 // You may modify, copy, and redistribute this code under the terms of
 // the GNU Library Public License version 2.1, with the exception of
@@ -31,6 +31,9 @@ import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
 import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.xwt.util.Log;
 import java.net.*;
 import java.io.*;
@@ -81,6 +84,9 @@ import java.text.*;
 1.02 27-Mar-02 Fixed a bug which would hang the connection when more than one Handshake message appeared in the same TLS Record
+ 1.03 10-Aug-02 Fixed a vulnerability outlined at
+ http://online.securityfocus.com/archive/1/286290
+
 */
 public class TinySSL extends Socket {
@@ -90,7 +96,7 @@ public class TinySSL extends Socket {
 public static void main(String[] args) { Log.on = true; try {
- Socket s = new TinySSL("www.verisign.com", 443);
+ Socket s = new TinySSL("www.paypal.com", 443);
 PrintWriter pw = new PrintWriter(s.getOutputStream());
 BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
 pw.println("GET / HTTP/1.0");
@@ -393,8 +399,21 @@ public class TinySSL extends Socket {
 Log.log(this, "server cert (name, validity dates) checks out okay");
- } else if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
- throw new SSLException("the server sent a broken chain of certificates");
+ } else {
+
+ // don't check the top cert since some very old root certs lack a BasicConstraints field.
+ if (certlen + 3 + i < numcertbytes) {
+ // defend against Mike Benham's attack
+ X509Extension basicConstraints = this_cert.getTBSCertificate().getExtensions().getExtension(X509Extensions.BasicConstraints);
+ if (basicConstraints == null) throw new SSLException("certificate did not contain a basic constraints block");
+ DERInputStream dis = new DERInputStream(new ByteArrayInputStream(basicConstraints.getValue().getOctets()));
+ BasicConstraints bc = new BasicConstraints((DERConstructedSequence)dis.readObject());
+ if (!bc.isCA()) throw new SSLException("non-CA certificate used for signing");
+ }
+
+ if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
+ throw new SSLException("the server sent a broken chain of certificates");
+ }
 last_cert = this_cert; i += certlen + 3;
-- 1.7.10.4
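Review bot: The BasicConstraints check exempts whichever certificate happens to be last in the server's message (`certlen + 3 + i < numcertbytes`), and that certificate is not necessarily a root, since servers often omit the root and end the list with an intermediate. If the validation that follows this loop (outside the hunk, so not visible here) accepts the last certificate because a trusted key signed it, a non-CA certificate in that position is still allowed to sign the one below it; the exemption should depend on the certificate matching a built-in trust anchor rather than on its position in the message. Separately, `getExtensions()` appears to return null for a certificate that carries no extensions block, which would surface as a NullPointerException instead of an SSLException; a guard such as `X509Extensions exts = this_cert.getTBSCertificate().getExtensions(); if (exts == null) throw new SSLException("certificate did not contain a basic constraints block");` keeps the failure in the expected exception type. The path length constraint carried in BasicConstraints is also not enforced by the new code. The enclosing method starts and ends outside the hunk.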