[botan-devel] Remote DoS/crash in TLS code

tobeki at gmx.de tobeki at gmx.de
Sun Dec 25 12:14:21 EST 2011


Hi Jack,

I think it's a lot of work, but is supporting OCSP for Botan in process of 
planning?


-----Ursprüngliche Nachricht----- 
From: Stephan Jauernick
Sent: Friday, December 23, 2011 10:48 PM
To: Botan development list
Subject: Re: [botan-devel] Remote DoS/crash in TLS code

Hi Jack,

I would like to see Botan support Server Name Indication[1].
It would be great for potential webservers using botan!


[1] https://de.wikipedia.org/wiki/Server_Name_Indication

Am 23.12.2011 22:21, schrieb Jack Lloyd:
>
> While doing unrelated work on the TLS code, I discovered a lovely bug
> that will cause a crash if a record does not decrypt properly. A patch
> follows. You can work around this by only using RC4 based
> ciphersuites.
>
> While I'm on the subject, is anyone using the TLS code currently? I'm
> making a number of changes to support new features (state machine IO,
> session resumption, SRP, client cert auth, easier cert verification,
> etc), and breaking APIs like crazy (in a branch). So now would be an
> excellent time to comment on features you'd like / what you need for
> IO support / etc. Offlist is fine.
>
> If I don't hear from anybody I may assume nobody is using it and thus
> it's safe to land the whole branch for 1.10.2. ;)
>
> -Jack
>
> #
> # old_revision [6c2809f0c11ba10a137601a2e7eed7ac1f083002]
> #
> # patch "src/ssl/rec_read.cpp"
> #  from [a61c18bd4fb11ed3d3caa7332361cc137fbc0134]
> #    to [8b630305e3d3fa0dd25b8714cf801654473d5427]
> #
> ============================================================
> --- src/ssl/rec_read.cpp        a61c18bd4fb11ed3d3caa7332361cc137fbc0134
> +++ src/ssl/rec_read.cpp        8b630305e3d3fa0dd25b8714cf801654473d5427
> @@ -213,9 +213,14 @@ size_t Record_Reader::get_record(byte&  m
>            }
>         else
>            {
> +         bool padding_good = true;
> +
>            for(size_t i = 0; i != pad_size; ++i)
>               if(plaintext[plaintext.size()-i-1] != pad_value)
> -               pad_size = 0;
> +               padding_good = false;
> +
> +         if(!padding_good)
> +            pad_size = 0;
>            }
>         }
>
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel

_______________________________________________
botan-devel mailing list
botan-devel at randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel 




More information about the botan-devel mailing list