[strongSwan-dev] Possible crash when OCSP response contains "ResponderID.byKey"

Andreas Steffen andreas.steffen at strongswan.org
Mon Feb 20 12:18:14 CET 2012 

Привет Владимир,

yes this causes pluto to crash. Fixed in the forthcoming 4.6.2 release:

http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=e4f554404ec53f6498bc62d42b089bd5697ed147

Thanks

Andreas

On 02/17/2012 02:16 PM, Владимир Подобаев wrote:
> Hello.
>
> I found a possible crash of Pluto. Please, check it.
>
> OCSP response contains a choice.
>
> ResponderID ::= CHOICE {
>        byName               [1] Name,
>        byKey                [2] KeyHash }
>
>
> Assume, we got byKey choice. Then:
>
> In pluto/ocsp.c: in function valid_ocsp_response:
>
> authcert = get_authcert(res->responder_id_name, res->responder_id_key, X509_OCSP_SIGNER | X509_CA);
>
> In our case res->responder_id_name will be NULL.
>
> In pluto/ca.c: in function get_authcert:
>
>             if (keyid.ptr)
>                 {
>                       chunk_t subjectKeyId;
>                       subjectKeyId = x509->get_subjectKeyIdentifier(x509);
>                       if (subjectKeyId.ptr&&  !chunk_equals(keyid, subjectKeyId))
>                       {
>                           continue;
>                       }
>                 }
>               /* compare the subjectDistinguishedNames */
>             if (!certificate->has_subject(certificate, subject))
>             {
>                         continue;
>             }
>
> In our case we will call certificate->has_subject(certificate, NULL).
> Because subject is NULL.
>
> In libstrongswan/plugins/x509/x509_cert.c: has_subject:
>
> We use the subject pointer in the first code line:
> if  (subject->get_type(subject) == ID_KEY_ID)
>
> And the subject is NULL.
>
> Am I right? Or maybe I missed something. I haven't found any other place of setting res->responder_id_name, but in parsing function.
> And if we got byKey choice - res->responder_id_name will remain in NULL. Right?
>
>
> Best regards, Vladimir

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Dev mailing list