d1e2c2f2c8
The hostname of the SSL socket was not verified. This made the read from the socket insecure since without verifying the hostname it may be vulnerable to a man-in-the-middle attack as described in [1].

This issue was reported by Sam Blackshear and Jules Villard from the Infer static analysis team at Facebook and it was detected by running Infer [2] on the Gerrit code base.

As described in [3] Java 7 has a mechanism to verify the identity of the certificate directly as part of the SSLSocket/SSLEngine API, and with this change we make use of it to verify the hostname.

I discussed this with Shawn and we decided to develop this fix in open source since the issue is in a non-critical part of Gerrit.

[1] https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
[2] http://fbinfer.com/
[3] http://stackoverflow.com/questions/17972658/sslsocket-ignores-domain-mismatch/17979954#17979954

Change-Id: I0a06c8e4791a5cd3fa776d4a8250b889678b3c32
Signed-off-by: Edwin Kempin <ekempin@google.com>

- src/main/java/org/apache/commons/net/smtp
- BUCK
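
The Java 7 mechanism the commit message refers to, shown as an added example that is not part of this commit or of Gerrit's code: endpoint identification is switched on through `SSLParameters` before the handshake, so a certificate that does not match the intended host is rejected. The class and method names (`HostnameVerifiedTls`, `withHostnameCheck`, `upgrade`) are hypothetical.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper for illustration; not a class from Gerrit.
public final class HostnameVerifiedTls {
  private HostnameVerifiedTls() {}

  /** Turns on certificate-to-hostname matching in the given parameters. */
  static SSLParameters withHostnameCheck(SSLParameters params) {
    // "HTTPS" selects RFC 2818 matching of the peer host against the certificate.
    params.setEndpointIdentificationAlgorithm("HTTPS");
    return params;
  }

  /**
   * Layers TLS over an already connected socket. The host argument must be the
   * name the caller intended to reach, because that is the name the
   * certificate is matched against.
   */
  static SSLSocket upgrade(Socket plain, String host, int port) throws IOException {
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true);
    try {
      tls.setSSLParameters(withHostnameCheck(tls.getSSLParameters()));
      // Handshake explicitly so a name mismatch fails here with an
      // SSLHandshakeException, before any application data is read.
      tls.startHandshake();
      return tls;
    } catch (IOException e) {
      tls.close();
      throw e;
    }
  }

  public static void main(String[] args) throws Exception {
    // Offline check: the JDK's default parameters carry no identification
    // algorithm, so the chain is validated but the hostname is not.
    SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
    System.out.println("default:  " + params.getEndpointIdentificationAlgorithm());
    System.out.println("hardened: " + withHostnameCheck(params).getEndpointIdentificationAlgorithm());
  }
}
```

If the socket is created from an `InetAddress` or an IP literal instead of the DNS name, the check runs against that address, so callers should pass the configured server name through to `createSocket`.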