Bug 1450451 - Too long AEAD ciphertexts are not rejected by the NSS server
Summary: Too long AEAD ciphertexts are not rejected by the NSS server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
Version: 7.4
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: pre-dev-freeze
: 7.5
Assignee: Daiki Ueno
QA Contact: Hubert Kario
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-12 15:26 UTC by Hubert Kario
Modified: 2018-04-10 09:26 UTC (History)
4 users (show)

Fixed In Version: nss-3.34.0-0.1.beta1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-10 09:25:43 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0679 None None None 2018-04-10 09:26:39 UTC
Mozilla Foundation 1354152 None None None 2017-05-12 15:26:14 UTC

Description Hubert Kario 2017-05-12 15:26:15 UTC
Description of problem:
When server receives encrypted record that is longer than 2^14 but shorter than 2^14 + 2048 it is not rejected by the server as invalid

Version-Release number of selected component (if applicable):
nss-3.28.4-8.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. run tlsfuzzer test-chacha20.py 'too big plaintext' against NSS server

Actual results:
too big plaintext ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x1105dd0> (child: <tlsfuzzer.expect.ExpectClose object at 0x1105e10>) with last message being: <tlslite.messages.Message object at 0x129ca50>
Error while processing
Traceback (most recent call last):
  File "tlsfuzzer/scripts/test-chacha20.py", line 348, in main
    runner.run()
  File "/tmp/tmp.V7WHFppAb2/tlsfuzzer/tlsfuzzer/runner.py", line 167, in run
    RecordHeader2)))
AssertionError: Unexpected message from peer: ApplicationData(len=162)


Expected results:
OK

(record rejected with alert decompression_failure or record_overflow depending on record size)


Additional info:

Comment 16 errata-xmlrpc 2018-04-10 09:25:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0679


Note You need to log in before you can comment on or make changes to this bug.