Vulnerability Development mailing list archives

Re: x509 cert parsing in web browsers


From: pgut001 () cs auckland ac nz (Peter Gutmann)
Date: Mon, 9 Sep 2002 13:43:45 +1200 (NZST)

Michal Zalewski <lcamtuf () dione ids pl> writes:

> The certificate format is built around ASN.1 and uses arbitrarily imposed
> length limitations on bounded strings that describe the certificate. Quite
> obviously, this is asking for problems; many implementers may assume this
> is the absolute maximum and may not be prepared to handle any more.

Actually it's quite sensible, it provides a sane upper limit to check for
problems, in the same way that any well-designed protocol (and standard in
general, e.g. the C language standard) will provide upper limits to eliminate
problems with arbitrary data input (in C's case things like recursive macro
expansion).

> After a ten minute test, it turned out that most mainstream browsers
> failed miserably at some point, at minimum allowing DoS because of resource
> starvation because of apparent parser bugs (Opera), or simply crashing
> (Netscape, Mozilla).

When I looked at this in a previous century, both Netscape and MSIE could
handle arbitrary-length components (> 1MB, where the limit was supposed to be
~100 bytes).  Both were half as fast as a heavily-sedated sloth in processing
these certs, and I had to delete the Netscape cert DB afterwards to make the
program usable again.  I never explored it further, but it was obvious that
neither of the two were doing any range checking on input, which was kind of
worrying for a security-checking application.

Peter.
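As an added example, not code from either post above: a minimal DER parser for an X.501 Name that does the range checking the reply says the browsers skipped. It assumes the PKIX upper bounds from RFC 5280 appendix A (ub-common-name 64, ub-country-name 2, ub-organization-name 64, and ub-name 32768 for attribute types it does not know), adds a hypothetical 4 KiB cap on the whole Name that no standard mandates, and feeds itself hand-constructed inputs, including a 1 MiB commonName and a length field that claims more bytes than exist. It is not how Netscape, Mozilla, Opera or MSIE parse certificates.

```python
"""DER Name parser that enforces upper bounds instead of trusting the length
fields. Added illustration, not code from the thread or from any browser.
The sample inputs at the bottom are constructed by hand, not real certs."""

# PKIX upper bounds (RFC 5280 appendix A), keyed by the DER-encoded id-at OID.
UPPER_BOUNDS = {
    b"\x55\x04\x03": ("commonName", 64),
    b"\x55\x04\x06": ("countryName", 2),
    b"\x55\x04\x07": ("localityName", 128),
    b"\x55\x04\x08": ("stateOrProvinceName", 128),
    b"\x55\x04\x0a": ("organizationName", 64),
    b"\x55\x04\x0b": ("organizationalUnitName", 64),
}
UB_NAME = 32768          # generic PKIX bound used for attribute types not listed above
MAX_NAME_BYTES = 4096    # hypothetical cap on the whole Name; PKIX does not define one

SEQUENCE, SET, OID = 0x30, 0x31, 0x06
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}  # UTF8String, PrintableString, IA5String


class DERError(ValueError):
    """Malformed or out-of-bounds input; the caller must reject the certificate."""


def read_tlv(buf, pos, limit):
    """Decode one tag and length at buf[pos]; return (tag, value_start, value_end).

    Every offset is checked against `limit`, the end of the enclosing element,
    so a lying length field can never index past the bytes we actually hold.
    """
    if pos + 2 > limit:
        raise DERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: one byte of length
        length = first
    else:                                 # long form: 0x8N followed by N length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            raise DERError("indefinite or oversized length field")
        if pos + n > limit:
            raise DERError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
            raise DERError("non-minimal length encoding (BER, not DER)")
        pos += n
    end = pos + length
    if end > limit:
        raise DERError("length %d runs past enclosing element" % length)
    return tag, pos, end


def parse_name(der_bytes):
    """Parse Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value string }.

    Returns a list of (attribute, value) pairs; raises DERError rather than
    silently truncating or accepting an over-long value.
    """
    if len(der_bytes) > MAX_NAME_BYTES:
        raise DERError("Name is %d bytes, cap is %d" % (len(der_bytes), MAX_NAME_BYTES))
    tag, pos, end = read_tlv(der_bytes, 0, len(der_bytes))
    if tag != SEQUENCE or end != len(der_bytes):
        raise DERError("Name must be exactly one SEQUENCE")
    attrs = []
    while pos < end:                                            # each RelativeDistinguishedName
        tag, rdn_pos, rdn_end = read_tlv(der_bytes, pos, end)
        if tag != SET:
            raise DERError("RDN must be a SET")
        while rdn_pos < rdn_end:                                # each AttributeTypeAndValue
            tag, atv_pos, atv_end = read_tlv(der_bytes, rdn_pos, rdn_end)
            if tag != SEQUENCE:
                raise DERError("AttributeTypeAndValue must be a SEQUENCE")
            tag, oid_pos, oid_end = read_tlv(der_bytes, atv_pos, atv_end)
            if tag != OID:
                raise DERError("attribute type must be an OID")
            attr, ub = UPPER_BOUNDS.get(der_bytes[oid_pos:oid_end], ("unknown", UB_NAME))
            tag, val_pos, val_end = read_tlv(der_bytes, oid_end, atv_end)
            if val_end != atv_end:
                raise DERError("trailing bytes in AttributeTypeAndValue")
            if tag not in STRING_TAGS:
                raise DERError("unsupported value type 0x%02x for %s" % (tag, attr))
            try:
                value = der_bytes[val_pos:val_end].decode(STRING_TAGS[tag])
            except UnicodeDecodeError as exc:
                raise DERError("bad string encoding in %s: %s" % (attr, exc))
            if len(value) > ub:                                 # the check the post says was missing
                raise DERError("%s is %d chars, upper bound is %d" % (attr, len(value), ub))
            attrs.append((attr, value))
            rdn_pos = atv_end
        pos = rdn_end
    return attrs


def check_name(der_bytes):
    """Return ('ok', attrs) or ('reject', reason); never raises on hostile input."""
    try:
        return "ok", parse_name(der_bytes)
    except DERError as exc:
        return "reject", str(exc)


# --- constructed sample inputs (encoder used only to build them) ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def atv(oid, tag, text):
    return der(SEQUENCE, der(OID, oid) + der(tag, text.encode()))

def name(*atvs):
    return der(SEQUENCE, b"".join(der(SET, a) for a in atvs))

GOOD_NAME = name(atv(b"\x55\x04\x06", 0x13, "NZ"),
                 atv(b"\x55\x04\x0a", 0x13, "Example Ltd"),
                 atv(b"\x55\x04\x03", 0x0C, "example.com"))
OVERLONG_CN = name(atv(b"\x55\x04\x03", 0x0C, "a" * 65))        # one past ub-common-name
HUGE_CN = name(atv(b"\x55\x04\x03", 0x0C, "a" * (1 << 20)))     # the > 1 MB case from the reply
LYING_LENGTH = GOOD_NAME[:1] + bytes([0x82, 0xFF, 0xFF]) + GOOD_NAME[2:]  # outer length claims 64 KiB

if __name__ == "__main__":
    for label, blob in [("good", GOOD_NAME), ("overlong CN", OVERLONG_CN),
                        ("1 MiB CN", HUGE_CN), ("lying length", LYING_LENGTH)]:
        print("%-13s %s" % (label, check_name(blob)))
```

The parser rejects on the first violated bound instead of clamping, because a Name that breaks the profile is not one whose remaining contents are worth trusting; the whole-Name cap is the cheap first line of defence against the multi-megabyte components described above, and the per-attribute bound catches anything that fits under it.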

