Re: [TLS] TLS renegotiation issue

Excerpt from the PDF:

> char *req =
>   "GET /highsecurity/index.html HTTP/1.1\r\n"
>   "Host: example.com\r\n"
>   "Connection: keep-alive\r\n"
>   "\r\n"
>   "GET /evil/doEvil.php?evilStuff=here HTTP/1.1\r\n"
>   "Host: example.com\r\n"
>   "Connection: close\r\n"
>   "X-ignore-what-comes-next: ";

The attack works because the last line is unterminated to effectively
comment out the client's GET request.

A possible counter to this attack is for the client to send two
CRLFs prior to its actual request.  This will separate the evil
request from the actual one containing the Cookie.  RFC 2616
prohibits this, but suggests that HTTP servers ignore extraneous
CRLFs due to buggy HTTP/1.0 clients.  In practice, HTTP servers
I've tested ignore them.

Mike



Marsh Ray wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Just out:

http://extendedsubset.com/?p=8


Eric Rescorla wrote:
I should also mention his colleague from phonefactor, steve dispensa.

And I should mention that EKR, as well as some others who frequent this
group, have been invaluable in this process so far.

I should mention it, but I didn't because I've deliberately left out
names where I didn't have a chance to touch base with the person first.

Anyway, I hope this info proves to be valuable and timely for the
Hiroshima meeting.

By the way, I'm available if I can help answer questions on this list,
on the phone, or direct email marsh at extendedsubset.com .

- - Marsh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkrySUAACgkQWChJ3x422/KR/gCfcoAZMgD4RsXVUtLinCSDYWnk
14YAnAmtQWE64+61Z0y5ioh/NM1DoPyz
=YVva
-----END PGP SIGNATURE-----
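As an added illustration (not part of Mike's post, the PDF, or anything written by the people quoted above), the following Python models how a lenient HTTP/1.1 server splits one byte stream into requests. It replays the prefix quoted from the PDF, first followed directly by the victim's request and then with Mike's proposed two leading CRLFs, and reports which request ends up carrying the Cookie header. The attacker prefix is the excerpt above verbatim; the client's request line, host and cookie value are constructed for the example.

```python
"""Model of a lenient HTTP/1.1 server splitting a byte stream into requests.

Added example, not code from the mailing-list thread. It shows why an
unterminated header line at the end of an injected prefix swallows the
client's request line, and what two leading CRLFs change.
"""

# The excerpt quoted from the PDF, byte for byte.
ATTACKER_PREFIX = (
    b"GET /highsecurity/index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"GET /evil/doEvil.php?evilStuff=here HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Connection: close\r\n"
    b"X-ignore-what-comes-next: "
)

# Constructed: what the victim's browser sends after the renegotiation.
# Path, host and cookie value are placeholders.
CLIENT_REQUEST = (
    b"GET /highsecurity/account HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Cookie: session=SECRET\r\n"
    b"\r\n"
)

# Mike's proposed counter: the client prefixes its real request with two CRLFs.
COUNTER = b"\r\n\r\n"


def split_requests(stream: bytes) -> list[dict]:
    """Split a stream of body-less HTTP/1.1 requests as a lenient server would.

    Returns one dict per complete request: {"line": request line,
    "headers": {lowercased name: value}}. Extraneous CRLFs before a request
    line are skipped, which is the RFC 2616 section 4.1 robustness advice
    Mike relies on. Requests in this model carry no message body, which is
    all the quoted excerpt uses.
    """
    requests = []
    pos = 0
    while pos < len(stream):
        # Skip blank lines between requests (the tolerance for buggy clients).
        while stream.startswith(b"\r\n", pos):
            pos += 2
        if pos >= len(stream):
            break
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            # Header block not yet terminated: a server keeps waiting for
            # more bytes and dispatches nothing.
            break
        lines = stream[pos:end].decode("ascii", "replace").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({"line": lines[0], "headers": headers})
        pos = end + 4
    return requests


def cookie_bearers(stream: bytes) -> list[str]:
    """Request lines of every request that carries a Cookie header."""
    return [r["line"] for r in split_requests(stream) if "cookie" in r["headers"]]


def without_counter() -> list[dict]:
    """Server's view when the client's request follows the prefix directly."""
    return split_requests(ATTACKER_PREFIX + CLIENT_REQUEST)


def with_counter() -> list[dict]:
    """Server's view when the client first sends two CRLFs."""
    return split_requests(ATTACKER_PREFIX + COUNTER + CLIENT_REQUEST)


if __name__ == "__main__":
    print("without counter:", cookie_bearers(ATTACKER_PREFIX + CLIENT_REQUEST))
    print("with counter:   ", cookie_bearers(ATTACKER_PREFIX + COUNTER + CLIENT_REQUEST))
```

Without the counter the model yields two requests, and the Cookie header is attached to the `/evil/doEvil.php` request because the client's own request line was absorbed as the value of `X-ignore-what-comes-next`. With the counter it yields three requests: the injected one ends with an empty `X-ignore-what-comes-next` header, and the Cookie travels only with the client's real request. The model covers exactly the prefix shape quoted from the PDF; the protocol-level fix that was eventually standardized, the renegotiation binding of RFC 5746, addresses the root cause by preventing an attacker's pre-renegotiation bytes from being spliced ahead of the client's in the first place.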
