incorrect use of X509_check_* functions, leading to MITM attacks.
The X509_check_host and X509_check_ip functions are a part of a collection of functions used to match certain properties of certificates. They are used to check whether a certificate matches a given host name, email address, or IP address and are available since OpenSSL 1.0.2. In particular, the X509_check_host function checks if the certificate's Subject Alternative Name or CommonName matches the specified host name.
int X509_check_host(X509 *, const char *name, size_t namelen, unsigned int flags, char **peername); These functions return 1 for a successful match, 0 for a failed match, -1 for an internal error, or -2 if the input is malformed.
Openconnect unfortunately incorrectly uses this function. If an attacker can force the function to fail with a negative value, the if condition will evaluate to true, setting the value of cert_valid to one (valid). Making the API return a negative value is a trivial thing since any certificate with a null byte on its SAN or CN will make it return -2.
This vulnerability allows an attacker that is able to get valid certificates from a CA with a specially crafted CommonName to perform a person-in-the-middle attack against VPN clients.
Signed-off-by: Jordy Zomer [email protected]