ldaptive: bug in default certificate hostname verifier

tusury / vt-middleware

Automatically exported from code.google.com/p/vt-middleware

0 stars 0 forks source link

ldaptive: bug in default certificate hostname verifier #227

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

The DefaultHostnameVerifier parses the subject DN by tokenizing on the comma.
This could allow specially crafted certificate DNs to inject a common name.

For instance:
/CN=a.foo.com/O=CN=b.embed.com, foo/

Would parse as multiple CNs even though the second CN is embed in the O 
attribute.

The DefaultHostnameVerifier is used for LDAPS connection when a custom socket 
factory is not provided.

Original issue reported on code.google.com by dfis...@gmail.com on 3 Sep 2014 at 6:15

GoogleCodeExporter commented 8 years ago

Code no longer parses the DN as a string.
The DN is parsed from it's BER encoding.
Fixed in r3053.

Original comment by dfis...@gmail.com on 5 Sep 2014 at 6:09

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

Original comment by dfis...@gmail.com on 9 Sep 2014 at 2:57

Added labels: Priority-Critical, Security
Removed labels: Priority-Medium