Hi developers:

We recently made a large-scale security static analysis of several open source projects and found some mistakes in uhub_0.4.1. In src/network/openssl.c:245:

    ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode ssl_mode, struct ssl_context_handle* ssl_ctx)
    {
        [...]
        else
        {
            handle->ssl = SSL_new(SSL_CTX_new(TLSv1_method()));
            SSL_set_fd(handle->ssl, con->sd);
            handle->bio = SSL_get_rbio(handle->ssl);
            con->ssl = (struct ssl_handle*) handle;
            return net_con_ssl_connect(con);
        }

You do SSL_connect(ssl) in net_con_ssl_connect(con), and when this step finishes, you immediately start to execute read/write operations without verifying the certificate, which can lead to a MITM attack and cause leakage of sensitive data. We recommend you add a verify operation such as SSL_CTX_set_verify or SSL_get_peer_certificate to guarantee the security.

We have sent the bug report to Ubuntu Launchpad, and also inform you of such news. Here is the link: https://bugs.launchpad.net/ubuntu/+source/uhub/+bug/1677495