[gnutls-devel] GnuTLS | No security validation in ChangeCipherSpec payload (#1439)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Dec 7 08:03:18 CET 2022



SmallTown123 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1439



When testing multiple versions of GnuTLS(3.6.12,3.6.4,3.5.18,but this seems to be common across all versions of GnuTLS), 
we found that the GnuTLS server did not detect the payload of the **ChangeCipherSpec** protocol during the third handshake test of TLS1.2. 
Its normal payload value should be 1 (according to RFC5246). 
The GnuTLS server still had a normal response and did not response any Alert messages while we sent other random payload bytes. 
At present, this issue does not cause a direct security issue, but it is easy to cause parsing ambiguity in the communication process, and it is unknown whether it will be exploited in the future.
I think the code snippet that caused the issue is located at `static int recv_handshake_final(gnutls_session_t session, int init)`
function in ./lib/handshake.c.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1439
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20221207/937c7978/attachment-0001.html>


More information about the Gnutls-devel mailing list