From 87c62128266a4e2289c1854e35aba3fc17d44045 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Tue, 10 Aug 2010 13:59:57 +0200 Subject: QSslSocket: fix security vulnerability with wildcard IP addresses This fixes Westpoint Security issue with Advisory ID#: wp-10-0001. Before, we would allow wildcards in IP addresses like *.2.3.4 ; now, IP addresses must match excatly. Patch-by: Richard J. Moore Task-number: QT-3704 --- src/network/ssl/qsslsocket_openssl.cpp | 5 +++++ tests/auto/qsslsocket/tst_qsslsocket.cpp | 2 ++ 2 files changed, 7 insertions(+) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 103a7ef..625d739 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -992,6 +992,11 @@ bool QSslSocketBackendPrivate::isMatchingHostname(const QString &cn, const QStri if (hostname.midRef(hostname.indexOf(QLatin1Char('.'))) != cn.midRef(firstCnDot)) return false; + // Check if the hostname is an IP address, if so then wildcards are not allowed + QHostAddress addr(hostname); + if (!addr.isNull()) + return false; + // Ok, I guess this was a wildcard CN and the hostname matches. return true; } diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp index 225e2e8..8f7e0d9 100644 --- a/tests/auto/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp @@ -1057,6 +1057,7 @@ void tst_QSslSocket::wildcardCertificateNames() QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example.com"), QString("www.example.com")), true ); QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx*.example.com"), QString("xxxwww.example.com")), true ); QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("f*.example.com"), QString("foo.example.com")), true ); + QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("192.168.0.0"), QString("192.168.0.0")), true ); // Failing CN matches QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("xxx.example.com"), QString("www.example.com")), false ); @@ -1070,6 +1071,7 @@ void tst_QSslSocket::wildcardCertificateNames() QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.example."), QString("www.example")), false ); QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString(""), QString("www")), false ); QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*"), QString("www")), false ); + QCOMPARE( QSslSocketBackendPrivate::isMatchingHostname(QString("*.168.0.0"), QString("192.168.0.0")), false ); } void tst_QSslSocket::wildcard() -- cgit v0.12