SUSE:SLE-15:Update
File openconnect-CVE-2020-12105.patch of Package openconnect.14956
From f07242df8ad6a0fb1a5b5a584ca086f1a429ee0b Mon Sep 17 00:00:00 2001 From: Jordy Zomer <jordy@simplyhacker.com> Date: Thu, 23 Apr 2020 13:28:12 +0200 Subject: [PATCH] Use OpenSSL X509_check_host() and X509_check_ip() correctly. These functions return 1 for a successful match, 0 for a failed match, -1 for an internal error, or -2 if the certificate is malformed. OpenConnect has been treating any value other than zero as a success, meaning that an attacker who could get a trusted CA to issue an invalid certificate (on which the ASN.1 decoder fails, for example), could use that to assume *any* identity. This is CVE-2020-12105. https://gitlab.com/openconnect/openconnect/-/merge_requests/96 Signed-off-by: Jordy Zomer <jordy@simplyhacker.com> --- openssl.c | 4 ++-- www/changelog.xml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) Index: openconnect-7.08/openssl.c =================================================================== --- openconnect-7.08.orig/openssl.c +++ openconnect-7.08/openssl.c @@ -1394,7 +1394,7 @@ static int match_cert_hostname(struct op { char *matched = NULL; - if (ipaddrlen && X509_check_ip(peer_cert, ipaddr, ipaddrlen, 0)) { + if (ipaddrlen && X509_check_ip(peer_cert, ipaddr, ipaddrlen, 0) == 1) { if (vpninfo->verbose >= PRG_DEBUG) { char host[80]; int family; @@ -1413,7 +1413,7 @@ static int match_cert_hostname(struct op } return 0; } - if (X509_check_host(peer_cert, vpninfo->hostname, 0, 0, &matched)) { + if (X509_check_host(peer_cert, vpninfo->hostname, 0, 0, &matched) == 1) { vpn_progress(vpninfo, PRG_DEBUG, _("Matched peer certificate subject name '%s'\n"), matched);
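Review bot: In the first hunk (match_cert_hostname(), the X509_check_ip() condition), the negative results are not reported anywhere. With `== 1` the condition is correct, but the -1 (internal error) and -2 (malformed certificate) results named in the commit message are now handled by this condition exactly like a plain mismatch (0), so an operator cannot tell a wrong address from a certificate the decoder rejected. Suggest storing the return value in a local variable and logging a distinct message when it is negative, at a level more visible than PRG_DEBUG, before treating it as a failed match.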
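Review bot: The second hunk (the X509_check_host() condition in match_cert_hostname()) changes a security decision without a regression test; the diffstat lists only openssl.c and www/changelog.xml. Suggest adding a test that drives this check to a non-1, non-0 result and asserts that the peer is rejected, so a later edit cannot quietly return to treating any non-zero value as a match. Separately, the diffstat announces a one-line change to www/changelog.xml, but no hunk for that file appears in this patch as packaged; either the header or the hunk list should be brought into agreement.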