Hiroshi Nakamura nahi
nahi
/ 0001-Fix-SSL-client-connection-crash-for-SAN-marked-criti.patch
Created Jul 5, 2013
Fix SSL client connection crash for SAN marked critical The patch for CVE-2013-4073 (https://gist.github.com/nahi/5880963) caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it; [id, criticality, octet_string] if critical, [id, octet_string] if not. Making sure …
View 0001-Fix-SSL-client-connection-crash-for-SAN-marked-criti.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 61c3537bd9f8e37b01a8e45644c489fd8696c94b Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <nahi@ruby-lang.org> | |
| Date: Fri, 5 Jul 2013 23:22:29 +0900 | |
| Subject: [PATCH] Fix SSL client connection crash for SAN marked critical | |
| The patch for CVE-2013-4073 caused SSL crash when a SSL server returns | |
| the certificate that has critical SAN value. X509 extension could | |
| include 2 or 3 elements in it; | |
| [id, criticality, octet_string] if critical, |
nahi
/ null_bytes_in_san_cert.pem
Created Jun 28, 2013
% ruby -ropenssl -e 'p OpenSSL::X509::Certificate.new(File.read("foo.pem")).extensions.first.to_der' "0$\x06\x03U\x1D\x11\x04\x1D0\e\x82\x19www.example.com\x00.evil.com"
View null_bytes_in_san_cert.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN CERTIFICATE----- | |
| MIIBmjCCAUSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwQDEUMBIGCgmSJomT8ixk | |
| ARkWBHNvbWUxFDASBgoJkiaJk/IsZAEZFgRzaXRlMRIwEAYDVQQDDAlTb21lIFNp | |
| dGUwHhcNMTMwNTI0MDA1MzUwWhcNMTMwNTI0MDA1MzUwWjBAMRQwEgYKCZImiZPy | |
| LGQBGRYEc29tZTEUMBIGCgmSJomT8ixkARkWBHNpdGUxEjAQBgNVBAMMCVNvbWUg | |
| U2l0ZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCnY4jdC2xJja4+LIBk49M+n4h/ | |
| eJqZ4w1x2WGZIABIhA9rO9yZBGqyUgEHwGk4dzPv5vp1ANYDYLLTD9pltzKlAgMB | |
| AAGjKDAmMCQGA1UdEQQdMBuCGXd3dy5leGFtcGxlLmNvbQAuZXZpbC5jb20wDQYJ | |
| KoZIhvcNAQEFBQADQQCBLd3QLJv96/5kjrSnL0n6VRhyHrFudPCNsfG1/BUOCaCk | |
| kDlGeAyQDBqPk+SSOSlh1WlBZyiX+nmAgXdhuyge |
nahi
/ 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch
Last active Dec 19, 2015
Hostname check bypassing vulnerability in SSL client (CVE-2013-4073) patches. 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch is for 2.0. 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.ruby_1_9_3.patch is for 1.9.3. *UPDATE* The patches could cause SSL crash bug. Please apply https://gist.github.com/nahi/5934959, too.
View 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From ddaf5b57bdc051ccc1161ec5273a59d30fc2fb72 Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <nahi@ruby-lang.org> | |
| Date: Wed, 5 Jun 2013 23:14:16 +0900 | |
| Subject: [PATCH] Hostname check bypassing vulnerability in SSL client | |
| (CVE-2013-4073) | |
| Ruby's SSL client implements hostname identity check but the OpenSSL | |
| function it depends cannot properly handle hostnames in subjectAltName | |
| that contain null bytes. The fix parses DER encoded bytes of | |
| subjectAltName to extract GeneralName of dNSName and check it against |
nahi
/ gist:4449729
Last active Dec 10, 2015
You can create auto-encoding-detection version with your favorite logic. i.e. super(rhs.force_encoding(mydetect(rhs)))
View gist:4449729
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'refinement' | |
| module StringForceEncodingConcat | |
| refine String do | |
| def +(rhs) | |
| begin | |
| super | |
| rescue Encoding::CompatibilityError | |
| super(rhs.force_encoding(self.encoding)) | |
| end |
nahi
/ protected.rb
Created Oct 15, 2012
View protected.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Node | |
| def eval(other) | |
| other.protected_method(self) | |
| end | |
| protected | |
| def protected_method(other) | |
| other | |
| end |
nahi
/ signed_request.json
Created Oct 9, 2012
View signed_request.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "context": { | |
| "user": { | |
| "fullName": "Nakamura Hiroshi", | |
| "userId": "005x0000000KzS8AAK", | |
| "userName": "XXXX", | |
| "email": "XXXX", | |
| "profilePhotoUrl": "/profilephoto/005/F", | |
| ... | |
| }, |
nahi
/ JPACollision.java
Created Jul 31, 2012
https://twitter.com/aumasson/status/229947172454551552
View JPACollision.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class JPACollision { | |
| public static void main(String[] args) { | |
| byte[] bytes1 = new byte[] { | |
| 0x58, (byte) 0xa1, (byte) 0x82, 0x6c, 0x00, 0x00, (byte) 0xb1, 0x3b | |
| }; | |
| byte[] bytes2 = new byte[] { | |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
| }; | |
| byte[] bytes12 = concat(bytes1, bytes2); | |
| byte[] bytes21 = concat(bytes2, bytes1); |
nahi
/ gist:2951537
Created Jun 19, 2012
View gist:2951537
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % cat Switch.java | |
| public class Switch { | |
| public static void main(String[] args) { | |
| switch(args[0]) { | |
| case "abc": | |
| break; | |
| default: | |
| break; | |
| } | |
| } |
nahi
/ gist:2922421
Created Jun 13, 2012
View gist:2922421
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % mkdir foo | |
| % echo 'p [__FILE__, __LINE__, File.read(File.expand_path("./baz.txt", File.dirname(__FILE__)))]' > foo/bar.rb | |
| % echo hello,world > foo/baz.txt | |
| % jar -cf foo.jar foo | |
| % rm -rf foo | |
| % jruby -e '$LOAD_PATH << "foo.jar"; require "foo/bar"' | |
| ["jar:file:foo.jar!/foo/bar.rb", 1, "hello,world\n"] | |
| % mkdir foo |
View gist:2617669
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this with trunk (Tested with ae4fa795) | |
| 1.upto(24).each do |size| | |
| p size | |
| File.open(IO::NULL, "w") do |w| | |
| File.open(__FILE__) do |r| | |
| buf = '' | |
| while !r.read(size, buf).nil? | |
| w << buf # It works when you remove this line. | |
| end | |
| end |
NewerOlder