summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-08-10 11:59:57 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-08-10 12:31:43 (GMT)
commit87c62128266a4e2289c1854e35aba3fc17d44045 (patch)
tree3936623d671e741d95c4dcb33e7ce0ee2f9f8a74
parentb5f95fbf615b113e3e6d2b42f6b84309d6588b1f (diff)
downloadQt-87c62128266a4e2289c1854e35aba3fc17d44045.zip
Qt-87c62128266a4e2289c1854e35aba3fc17d44045.tar.gz
Qt-87c62128266a4e2289c1854e35aba3fc17d44045.tar.bz2
QSslSocket: fix security vulnerability with wildcard IP addresses
This fixes Westpoint Security issue with Advisory ID#: wp-10-0001. Before, we would allow wildcards in IP addresses like *.2.3.4 ; now, IP addresses must match excatly. Patch-by: Richard J. Moore <rich@kde.org> Task-number: QT-3704
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp5
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp2
2 files changed, 7 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 103a7ef..625d739 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -992,6 +992,11 @@ bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QStri
if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot))
return false;
+ // Check if the hostname is an IP address, if so then wildcards are not allowed
+ QHostAddress addr(hostname);
+ if (!addr.isNull())
+ return false;
+
// Ok, I guess this was a wildcard CN and the hostname matches.
return true;
}
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index 225e2e8..8f7e0d9 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -1057,6 +1057,7 @@ void tst_QSslSocket::wildcardCertificateNames()
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example.com"), QString("www.example.com")), true );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx*.example.com"), QString("xxxwww.example.com")), true );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("f*.example.com"), QString("foo.example.com")), true );
+ QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("192.168.0.0"), QString("192.168.0.0")), true );
// Failing CN matches
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx.example.com"), QString("www.example.com")), false );
@@ -1070,6 +1071,7 @@ void tst_QSslSocket::wildcardCertificateNames()
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example."), QString("www.example")), false );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString(""), QString("www")), false );
QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*"), QString("www")), false );
+ QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.168.0.0"), QString("192.168.0.0")), false );
}
void tst_QSslSocket::wildcard()