1From 6a6c275534e31b41f6d203cfd92685b7526a45e8 Mon Sep 17 00:00:00 2001
2From: Hitendra Prajapati <hprajapati@mvista.com>
3Date: Fri, 11 Nov 2022 10:15:38 +0530
4Subject: [PATCH] CVE-2022-40617
5
6Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2022-40617]
7CVE: CVE-2022-40617
8Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
9
10credential-manager: Do online revocation checks only after
11 basic trust chain validation
12
13This avoids querying URLs of potentially untrusted certificates, e.g. if
14an attacker sends a specially crafted end-entity and intermediate CA
15certificate with a CDP that points to a server that completes the
16TCP handshake but then does not send any further data, which will block
17the fetcher thread (depending on the plugin) for as long as the default
18timeout for TCP.  Doing that multiple times will block all worker threads,
19leading to a DoS attack.
20
21The logging during the certificate verification obviously changes.
22---
23 .../credentials/credential_manager.c          | 54 +++++++++++++++----
24 1 file changed, 45 insertions(+), 9 deletions(-)
25
26diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
27index 3be0190..f65372b 100644
28--- a/src/libstrongswan/credentials/credential_manager.c
29+++ b/src/libstrongswan/credentials/credential_manager.c
30@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this)
31  */
32 static bool check_lifetime(private_credential_manager_t *this,
33 						   certificate_t *cert, char *label,
34-						   int pathlen, bool trusted, auth_cfg_t *auth)
35+						   int pathlen, bool anchor, auth_cfg_t *auth)
36 {
37 	time_t not_before, not_after;
38 	cert_validator_t *validator;
39@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this,
40 			continue;
41 		}
42 		status = validator->check_lifetime(validator, cert,
43-										   pathlen, trusted, auth);
44+										   pathlen, anchor, auth);
45 		if (status != NEED_MORE)
46 		{
47 			break;
48@@ -603,13 +603,13 @@ static bool check_lifetime(private_credential_manager_t *this,
49  */
50 static bool check_certificate(private_credential_manager_t *this,
51 				certificate_t *subject, certificate_t *issuer, bool online,
52-				int pathlen, bool trusted, auth_cfg_t *auth)
53+				int pathlen, bool anchor, auth_cfg_t *auth)
54 {
55 	cert_validator_t *validator;
56 	enumerator_t *enumerator;
57
58 	if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) ||
59-		!check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth))
60+		!check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth))
61 	{
62 		return FALSE;
63 	}
64@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this,
65 			continue;
66 		}
67 		if (!validator->validate(validator, subject, issuer,
68-								 online, pathlen, trusted, auth))
69+								 online, pathlen, anchor, auth))
70 		{
71 			enumerator->destroy(enumerator);
72 			return FALSE;
73@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
74 	auth_cfg_t *auth;
75 	signature_params_t *scheme;
76 	int pathlen;
77+	bool is_anchor = FALSE;
78
79 	auth = auth_cfg_create();
80 	get_key_strength(subject, auth);
81@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
82 				auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer));
83 				DBG1(DBG_CFG, "  using trusted ca certificate \"%Y\"",
84 							  issuer->get_subject(issuer));
85-				trusted = TRUE;
86+				trusted = is_anchor = TRUE;
87 			}
88 			else
89 			{
90@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this,
91 				DBG1(DBG_CFG, "  issuer is \"%Y\"",
92 					 current->get_issuer(current));
93 				call_hook(this, CRED_HOOK_NO_ISSUER, current);
94+				if (trusted)
95+				{
96+					DBG1(DBG_CFG, "  reached end of incomplete trust chain for "
97+						 "trusted certificate \"%Y\"",
98+						 subject->get_subject(subject));
99+				}
100 				break;
101 			}
102 		}
103-		if (!check_certificate(this, current, issuer, online,
104-							   pathlen, trusted, auth))
105+		/* don't do online verification here */
106+		if (!check_certificate(this, current, issuer, FALSE,
107+							   pathlen, is_anchor, auth))
108 		{
109 			trusted = FALSE;
110 			issuer->destroy(issuer);
111@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
112 		}
113 		current->destroy(current);
114 		current = issuer;
115-		if (trusted)
116+		if (is_anchor)
117 		{
118 			DBG1(DBG_CFG, "  reached self-signed root ca with a "
119 				 "path length of %d", pathlen);
120@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this,
121 		DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
122 		call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject);
123 	}
124+	else if (trusted && online)
125+	{
126+		enumerator_t *enumerator;
127+		auth_rule_t rule;
128+
129+		/* do online revocation checks after basic validation of the chain */
130+		pathlen = 0;
131+		current = subject;
132+		enumerator = auth->create_enumerator(auth);
133+		while (enumerator->enumerate(enumerator, &rule, &issuer))
134+		{
135+			if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT)
136+			{
137+				if (!check_certificate(this, current, issuer, TRUE, pathlen++,
138+									   rule == AUTH_RULE_CA_CERT, auth))
139+				{
140+					trusted = FALSE;
141+					break;
142+				}
143+				else if (rule == AUTH_RULE_CA_CERT)
144+				{
145+					break;
146+				}
147+				current = issuer;
148+			}
149+		}
150+		enumerator->destroy(enumerator);
151+	}
152 	if (trusted)
153 	{
154 		result->merge(result, auth, FALSE);
155--
1562.25.1
157
158