oss-sec mailing list archives
Re: STARTTLS vulnerabilities
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 11 Aug 2021 09:51:04 +0200
On Wed, 11 Aug 2021 08:09:57 +0100 Matthew Wild <mwild1 () gmail com> wrote:

> XMPP has some additional protections against this in its design. It is required, after TLS negotiation, for both parties to discard the pre-TLS XML stream and negotiate a new one after TLS has been established[1].

This is actually not much different from how STARTTLS works in SMTP or IMAP. You are basically advised to throw away all state from pre-TLS. But yet here we are with > 40 vulnerabilities.

The buffering issue is really subtle if you look at how such code is written. It's basically "if you implement this with C API file descriptors you will very likely create this bug *unless* you're aware of it and actively avoid it". And I don't see how XMPP would be any different here.

-- 
Hanno Böck
https://hboeck.de/
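The buffered-read pitfall Hanno describes, as an added C example that is not from the thread or from any of the affected implementations: a hypothetical read(2)-style line buffer and a client-side STARTTLS transition that refuses to start the handshake while any plaintext bytes remain buffered behind the server's 220 reply, which is the "throw away all pre-TLS state" advice made concrete. All names are assumptions and the reply strings are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical line buffer: the usual read(2)-into-a-buffer-then-parse pattern. */
typedef struct {
    char data[4096];
    size_t len; /* bytes received so far */
    size_t pos; /* bytes already consumed by the parser */
} linebuf_t;
/* Stands in for read(2): append whatever the socket delivered, however much. */
size_t linebuf_feed(linebuf_t *buf, const char *bytes, size_t n) {
    if (n > sizeof(buf->data) - buf->len)
        n = sizeof(buf->data) - buf->len;
    memcpy(buf->data + buf->len, bytes, n);
    buf->len += n;
    return n;
}
/* Length of the next CRLF-terminated line including the CRLF, 0 if incomplete. */
static size_t next_line_len(const linebuf_t *buf) {
    for (size_t i = buf->pos; i + 1 < buf->len; i++)
        if (buf->data[i] == '\r' && buf->data[i + 1] == '\n')
            return i + 2 - buf->pos;
    return 0;
}
enum starttls_result { STARTTLS_INCOMPLETE, STARTTLS_REFUSED,
                       STARTTLS_OK, STARTTLS_TRAILING_PLAINTEXT };

/* Client side, after sending STARTTLS: consume the reply and decide whether the
 * handshake may begin. The subtle bug is returning OK on "220" while keeping the
 * rest of the buffer, so plaintext bytes that arrived behind the reply are later
 * parsed as if they had come over TLS. The pos != len check is the fix. */
enum starttls_result starttls_transition(linebuf_t *buf) {
    size_t n = next_line_len(buf);
    if (n == 0)
        return STARTTLS_INCOMPLETE;
    const char *line = buf->data + buf->pos;
    buf->pos += n;
    if (n < 3 || strncmp(line, "220", 3) != 0)
        return STARTTLS_REFUSED; /* server declined; caller decides per policy */
    if (buf->pos != buf->len)
        return STARTTLS_TRAILING_PLAINTEXT; /* pre-TLS bytes left: abort */
    buf->len = buf->pos = 0; /* fresh buffer for the TLS-protected stream */
    return STARTTLS_OK;
}
/* One-shot helper: feed a constructed reply into an empty buffer and classify. */
enum starttls_result classify_reply(const char *bytes) {
    linebuf_t buf = { .len = 0, .pos = 0 };
    linebuf_feed(&buf, bytes, strlen(bytes));
    return starttls_transition(&buf);
}
```

Rejecting the connection on STARTTLS_TRAILING_PLAINTEXT is the conservative choice; merely discarding the bytes also closes the hole but hides that something odd arrived before the handshake.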
Current thread:
- STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Guido Berhoerster (Aug 10)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 11)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 16)
- Re: STARTTLS vulnerabilities Eric Blake (Aug 18)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 10)
- Re: STARTTLS vulnerabilities Guido Berhoerster (Aug 10)
- Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
- Re: STARTTLS vulnerabilities Matthew Wild (Aug 11)