[asterisk-bugs] [JIRA] (ASTERISK-24847) [security] [patch] tcptls: certificate CN NULL byte prefix bug
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Wed Apr 8 16:19:33 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-24847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-24847:
-----------------------------------
Security: None (was: Reporter, Bug Marshals, and Digium)
> [security] [patch] tcptls: certificate CN NULL byte prefix bug
> --------------------------------------------------------------
>
> Key: ASTERISK-24847
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24847
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Reporter: Matt Jordan
> Assignee: Jonathan Rose
> Labels: Security
> Attachments: asterisk-null-in-cn.patch
>
>
> host{quote}
> Hello,
> Asterisk contains a certificate common name NULL byte prefix bug in tcptls.c.
> Specifically, if the presented certificate has a Common Name of the format "host.com\x00.somedomain.com", the certificate will
> be accepted for host.com despite being issued for somedomain.com.
> Attached is a proposed patch (generated against asterisk-11.15.0).
> Verified with SIP TLS transport - without the patch such certificates are accepted,
> with the patch applied they are rejected due to CN length mismatch.
> Best regards,
> Maciej Szmigiero
> {quote}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
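
The CN handling described in the report, as an added example that is not the attached patch and not Asterisk's own code: a C-string comparison accepts the NUL-prefixed CN, while a check against the recorded length rejects it. The struct, function names and sample values are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a certificate CN: raw bytes plus the length
 * recorded in the certificate. The bytes may contain embedded NULs. */
struct cn_value { const char *data; size_t len; };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Behaviour the report describes before the patch: the CN is handled as a
 * C string, so everything after the first NUL byte is ignored.
 * Assumes data is NUL-terminated, as the constructed samples below are. */
static int cn_matches_naive(const struct cn_value *cn, const char *host)
{
    size_t n = strlen(cn->data);
    return n == strlen(host) && eq_nocase(cn->data, host, n);
}

/* Hardened check: a NUL inside the first len bytes means the C-string
 * length differs from the recorded length, so the CN is rejected. */
static int cn_matches_checked(const struct cn_value *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

/* Constructed samples: the CN format quoted in the report and a clean CN. */
static const char bad_bytes[] = "host.com\0.somedomain.com";
static const struct cn_value bad_cn = { bad_bytes, sizeof(bad_bytes) - 1 };
static const struct cn_value good_cn = { "HOST.com", 8 };

int main(void)
{
    printf("naive,   NUL CN:   %d\n", cn_matches_naive(&bad_cn, "host.com"));
    printf("checked, NUL CN:   %d\n", cn_matches_checked(&bad_cn, "host.com"));
    printf("checked, clean CN: %d\n", cn_matches_checked(&good_cn, "host.com"));
    return 0;
}
```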