KawaiiBASIC / classilla

Automatically exported from code.google.com/p/classilla

Repair Rizzo/Duong BEAST SSL issue #167

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
We are vulnerable, but hard to exploit. Still, this is a high-profile attack.

https://bugzilla.mozilla.org/show_bug.cgi?id=665814

Original issue reported on code.google.com by classi...@floodgap.com on 10 Oct 2011 at 9:02

GoogleCodeExporter commented 9 years ago
The patch is quite involved but we can simplify it by removing the option 
switches.

Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:04

GoogleCodeExporter commented 9 years ago
The first set of changes are in ssl3_SendRecord.

Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:47

GoogleCodeExporter commented 9 years ago
This will be a problem; ssl3_SendRecord has everything in it (i.e., there is no 
ssl3_CompressMACEncryptRecord for the patch to call).

Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:52

GoogleCodeExporter commented 9 years ago
We could change the while (bytes > 0) loop. contentLen would always be 1 the 
first go-around.

Original comment by classi...@floodgap.com on 10 Oct 2011 at 10:00
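The loop change proposed in the comment above, shown as an added C illustration that is not Classilla or NSS code: a `while (bytes > 0)` send loop with the 1/n-1 record split used against BEAST on CBC cipher suites, where the first record carries exactly one byte of plaintext so the IV for the remaining data is no longer predictable from the last observed ciphertext block. `send_record_stub`, `split_into_records`, `demo_split` and `demo_len` are hypothetical names; the stub only records lengths instead of compressing, MACing, encrypting and sending, and the sample buffer is constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAGMENT_LENGTH 16384  /* TLS record plaintext limit (RFC 5246) */

/* Hypothetical stand-in for the record writer.  Real code would
 * compress, MAC, encrypt and send one record; this only notes the
 * plaintext length it was asked to emit. */
static void send_record_stub(const unsigned char *data, size_t len,
                             size_t *out_lens, size_t *out_count)
{
    (void)data;
    out_lens[(*out_count)++] = len;
}

/* Splits `bytes` bytes of application data into records.  When
 * cbc_split is nonzero the first record holds a single byte (the 1/n-1
 * split); every later record is at most MAX_FRAGMENT_LENGTH.  Returns
 * the number of records written to out_lens, which must have room for
 * bytes / MAX_FRAGMENT_LENGTH + 2 entries. */
size_t split_into_records(const unsigned char *buf, size_t bytes,
                          int cbc_split, size_t *out_lens)
{
    size_t count = 0;
    int first = 1;

    while (bytes > 0) {
        size_t contentLen = bytes;

        if (cbc_split && first) {
            contentLen = 1;                 /* 1/n-1: one byte first */
        } else if (contentLen > MAX_FRAGMENT_LENGTH) {
            contentLen = MAX_FRAGMENT_LENGTH;
        }
        send_record_stub(buf, contentLen, out_lens, &count);
        buf   += contentLen;
        bytes -= contentLen;
        first  = 0;
    }
    return count;
}

/* Convenience wrapper: splits a constructed buffer of `bytes` 'A'
 * characters and keeps the resulting record lengths in last_lens. */
#define DEMO_MAX 32768
static unsigned char demo_buf[DEMO_MAX];
static size_t last_lens[DEMO_MAX / MAX_FRAGMENT_LENGTH + 2];

size_t demo_split(size_t bytes, int cbc_split)
{
    if (bytes > DEMO_MAX)
        bytes = DEMO_MAX;
    memset(demo_buf, 'A', bytes);
    return split_into_records(demo_buf, bytes, cbc_split, last_lens);
}

size_t demo_len(size_t i)
{
    return last_lens[i];
}

int main(void)
{
    /* Constructed sample: 20000 bytes, which becomes 1 + 16384 + 3615. */
    size_t n = demo_split(20000, 1);
    size_t i;

    for (i = 0; i < n; i++)
        printf("record %zu: %zu bytes\n", i, demo_len(i));
    return 0;
}
```

Only the first record of each write is split; with `cbc_split` cleared (a stream cipher suite, or TLS 1.1+ where each record carries an explicit IV) the loop degrades to plain fragmentation at the record limit.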

GoogleCodeExporter commented 9 years ago
This didn't work on all sites.

After formal review, we have determined that while the theoretical vulnerability 
exists, there is no effective way to trigger it in Classilla, and fixing it 
will likely introduce more bugs for no good reason. Closing WontFix.

Original comment by classi...@floodgap.com on 11 Oct 2011 at 12:34