oss-sec mailing list archives

Re: STARTTLS vulnerabilities


From: Hanno Böck <hanno () hboeck de>
Date: Wed, 11 Aug 2021 09:51:04 +0200

On Wed, 11 Aug 2021 08:09:57 +0100
Matthew Wild <mwild1 () gmail com> wrote:

> XMPP has some additional protections against this in its design. It is
> required, after TLS negotiation, for both parties to discard the
> pre-TLS XML stream and negotiate a new one after TLS has been
> established[1].

This is actually not much different from how STARTTLS works in SMTP or
IMAP. You are basically advised to throw away all state from pre-TLS.
But yet here we are with > 40 vulnerabilities.

The buffering issue is really subtle if you look at how such code is
written. It's basically "if you implement this with C API file
descriptors you will very likely create this bug *unless* you're aware
of it and actively avoid it". And I don't see how XMPP would be any
different here.


-- 
Hanno Böck
https://hboeck.de/
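The buffering issue described in the message above, shown as an added example that is not part of the thread and not code from any real MTA or XMPP server. It is a simulated fd-based SMTP command loop in C: the socket is replaced by in-memory byte arrays (constructed input, with the injected commands placed in the same segment as STARTTLS, as an attacker would send them), and the TLS handshake by a flag switch; everything else keeps the shape such code usually has, one application read buffer that survives the transition to TLS. The struct, function and constant names are this example's own. The vulnerable mode keeps the buffer and executes the attacker's plaintext commands as if they had arrived inside TLS; the hardened mode treats any bytes left behind STARTTLS as a protocol violation and closes the session (simply zeroing the buffer is the minimum fix, refusing is the stricter choice).

```c
#include <stdio.h>
#include <string.h>

/* Simulated connection: bytes that arrive in plaintext (the attacker's
 * segment), bytes that arrive only after the TLS handshake, and the read
 * buffer an fd-based implementation keeps between read(2) calls. */
struct conn {
    const char *plain; size_t plain_len, plain_pos;
    const char *tls;   size_t tls_len,   tls_pos;
    char buf[256];     size_t buflen;
    int tls_active;
};

static struct conn make_conn(const char *plain, const char *tls) {
    struct conn c;
    memset(&c, 0, sizeof c);
    c.plain = plain; c.plain_len = strlen(plain);
    c.tls = tls;     c.tls_len = strlen(tls);
    return c;
}

/* One read(2): copy everything queued on the current source into buf. */
static void fill(struct conn *c) {
    const char *src = c->tls_active ? c->tls : c->plain;
    size_t *pos = c->tls_active ? &c->tls_pos : &c->plain_pos;
    size_t len = c->tls_active ? c->tls_len : c->plain_len;
    size_t n = len - *pos;
    if (n > sizeof c->buf - c->buflen) n = sizeof c->buf - c->buflen;
    memcpy(c->buf + c->buflen, src + *pos, n);
    c->buflen += n; *pos += n;
}

static char *find_crlf(char *buf, size_t len) {
    for (size_t i = 0; i + 1 < len; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n') return buf + i;
    return NULL;
}

/* Take one CRLF-terminated line out of buf; refill from the source when
 * none is complete. Returns 0 when the source is exhausted. */
static int next_line(struct conn *c, char *out, size_t outsz) {
    for (;;) {
        char *eol = find_crlf(c->buf, c->buflen);
        if (eol) {
            size_t n = (size_t)(eol - c->buf);
            size_t copy = n < outsz - 1 ? n : outsz - 1;
            memcpy(out, c->buf, copy); out[copy] = '\0';
            n += 2;
            memmove(c->buf, c->buf + n, c->buflen - n);
            c->buflen -= n;
            return 1;
        }
        size_t before = c->buflen;
        fill(c);
        if (c->buflen == before) return 0;
    }
}

/* Command loop. Each processed command is logged as "plain:CMD" or
 * "tls:CMD" depending on the state the server believes it is in.
 * hardened=0 reproduces the bug: bytes already buffered behind STARTTLS
 * are executed after the "handshake" as if they came from the TLS peer. */
static int run_session(struct conn *c, int hardened, char log[][64], int maxlog) {
    char line[128]; int n = 0;
    while (n < maxlog && next_line(c, line, sizeof line)) {
        snprintf(log[n++], 64, "%s:%s", c->tls_active ? "tls" : "plain", line);
        if (!c->tls_active && strcmp(line, "STARTTLS") == 0) {
            /* A real server performs the TLS handshake on the fd here. */
            if (hardened && c->buflen != 0) {
                /* Plaintext queued behind STARTTLS cannot come from the
                 * TLS peer: treat it as an attack and close the session. */
                if (n < maxlog)
                    snprintf(log[n++], 64, "abort:%zu bytes after STARTTLS", c->buflen);
                return n;
            }
            c->tls_active = 1;
        }
        if (strcmp(line, "QUIT") == 0) break;
    }
    return n;
}

/* Constructed inputs (this example's own, not captured traffic). */
static const char ATTACK_PLAIN[] =
    "EHLO attacker\r\n"
    "STARTTLS\r\n"
    "RSET\r\n"                                /* injected before TLS ... */
    "MAIL FROM:<injected@example.test>\r\n";  /* ... executed after it   */
static const char BENIGN_PLAIN[] = "EHLO client\r\nSTARTTLS\r\n";
static const char SESSION_TLS[]  = "EHLO client\r\nQUIT\r\n";

int main(void) {
    char log[8][64];
    struct conn c = make_conn(ATTACK_PLAIN, SESSION_TLS);
    int n = run_session(&c, 0, log, 8);
    printf("vulnerable server:\n");
    for (int i = 0; i < n; i++) printf("  %s\n", log[i]);
    c = make_conn(ATTACK_PLAIN, SESSION_TLS);
    n = run_session(&c, 1, log, 8);
    printf("hardened server:\n");
    for (int i = 0; i < n; i++) printf("  %s\n", log[i]);
    return 0;
}
```

The point the simulation makes is that nothing in the vulnerable loop looks wrong in isolation: the buffer is refilled lazily, lines are consumed in order, and the TLS switch is handled exactly where the protocol says. The bug exists only because the buffer is shared across the boundary, which is why the check has to be added explicitly, and why the same structure would reproduce it under XMPP as readily as under SMTP.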

