Black Hat 2009: Get an SSL cert valid for any domain using a null character - blasdel
http://hackaday.com/2009/07/29/black-hat-2009-breaking-ssl-with-null-characters/

======
blasdel
The Certificate Authority looks at the domain string starting from the root,
and NSS looks at it like a normal string.

The real problem is not just that they both stop at the null character, but
that they both _preserve the original input_ instead of only passing along the
part before the first null.

------
jrockway
Earlier today I wrote a post about "security problems that C causes" and
neglected to mention the use of null-terminated strings instead of a proper
data structure that encapsulates length along with the string.

Well, this is what happens when you assume some sort of special data is valid,
when it isn't actually. (\0 can appear in a string, it's a perfectly valid
character, so it's not safe to use it to terminate the string. But people do
anyway.)

~~~
blasdel
While null-terminated strings aren't helping matters, the meat of the problem
is much worse:

Effectively, they're using _strcmp_ with _memcpy_ on the same data -- it's
just ridiculously stupid.
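
Both of blasdel's points above (the CA validating the whole string while NSS stops at the first NUL, and running _strcmp_ and _memcpy_ over the same bytes) in one added example; this is not code from the thread, from NSS or from any CA, and the CN bytes and domain names are constructed placeholders:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A certificate CN as it sits in DER: a length-delimited byte string in
 * which any byte, including 0x00, is legal. */
typedef struct {
    const uint8_t *data;
    size_t len;
} cn_t;

/* Flawed check in the spirit of the bug: the whole value is memcpy'd into a
 * buffer and then handed to strcmp, which stops at the first NUL. The bytes
 * after the NUL, the part a CA validating the full string looked at, are
 * never compared. */
bool cn_matches_flawed(cn_t cn, const char *host)
{
    char buf[256];
    if (cn.len >= sizeof buf)
        return false;
    memcpy(buf, cn.data, cn.len);  /* copies every byte, NUL included */
    buf[cn.len] = '\0';
    return strcmp(buf, host) == 0; /* compares only up to the embedded NUL */
}

/* Hardened check: keep the CN as length + bytes throughout, reject any byte
 * that cannot occur in a hostname, and require the lengths to agree. */
bool cn_matches_hardened(cn_t cn, const char *host)
{
    if (memchr(cn.data, '\0', cn.len) != NULL)
        return false; /* embedded NUL: reject outright rather than truncate */
    size_t hlen = strlen(host);
    return cn.len == hlen && memcmp(cn.data, host, hlen) == 0;
}

/* Constructed sample (placeholder names): the string literal's own trailing
 * NUL is excluded from the length, the embedded one is part of the value. */
static const uint8_t SAMPLE_CN[] = "www.bank.example\0.attacker.example";
static const cn_t SAMPLE = { SAMPLE_CN, sizeof SAMPLE_CN - 1 };

int main(void)
{
    printf("flawed:   %d\n", cn_matches_flawed(SAMPLE, "www.bank.example"));   /* 1: fooled */
    printf("hardened: %d\n", cn_matches_hardened(SAMPLE, "www.bank.example")); /* 0: rejected */
    return 0;
}
```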

~~~
pmjordan
Wasn't it a similar bug that facilitated the first successful software-only
Wii cracking attempt?

~~~
blasdel
I actually thought about mentioning that...

All software (code+data) on the Wii must be signed, but the code burned into
the supervisor chip does a _strcmp_ on the raw binary signature. It's pretty
trivial to generate a hash collision when you can force only the first byte to
be compared :)

