Parsing a certificate containing numerous names or name constraints leads to a DoS attack

Description of problem:

According to RFC5280, many fields do not have explicit limitations on their quantity, typical examples include the subject alternative names and name constraints in X509v3 extensions.

However, in practice, an upper bound for the number of such fields needs to be set explicitly. Otherwise, parsing a malicious certificate containing numerous meaningless fields of this type may consume a significant amount of time.

As for GnuTLS, the issue lies in the implementations of the following two functions:

• gnutls_x509_ext_import_subject_alt_names
• gnutls_x509_ext_import_name_constraints

Both of the two functions faithfully handle each name or name constraint without checking their quantity. Therefore, if an attacker crafts a malformed certificate containing a large number of such garbage fields, any users attempting to parse this certificate using the GnuTLS APIs are vulnerable to a DoS attack in the form of CPU resource exhaustion.

Version of gnutls used:

The latest stable version (v3.7.11)

How reproducible:

certtool -i --infile cert.pem

The crafted malformed certificate cert.pem can be seen in the attachment:

cert.pem

Results:

We use the top command to check the CPU usage, and we can see that gnutls's CPU usage quickly reached 100%:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
14070 root      20   0   35200  26680   4364 R 100.0   0.2   0:06.11 certtool 

The number of fields in this certificate can be further increased or decreased based on attackers' expected duration of maintaining CPU utilization at 100% in different environments.

Discussion

Based on the previous discussion, it appears that the issue may ultimately stem from the libtasn1 library. Please refer to #issue 1553 in GnuTLS.