Hiroshi Nakamura nahi
nahi
/ 0001-Fix-SSL-client-connection-crash-for-SAN-marked-criti.patch
Created
July 5, 2013 14:34
Fix SSL client connection crash for SAN marked critical The patch for CVE-2013-4073 (https://gist.github.com/nahi/5880963) caused SSL crash when a SSL server returns the certificate that has critical SAN value. X509 extension could include 2 or 3 elements in it; [id, criticality, octet_string] if critical,
[id, octet_string] if not. Making sure …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 61c3537bd9f8e37b01a8e45644c489fd8696c94b Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <nahi@ruby-lang.org> | |
| Date: Fri, 5 Jul 2013 23:22:29 +0900 | |
| Subject: [PATCH] Fix SSL client connection crash for SAN marked critical | |
| The patch for CVE-2013-4073 caused SSL crash when a SSL server returns | |
| the certificate that has critical SAN value. X509 extension could | |
| include 2 or 3 elements in it; | |
| [id, criticality, octet_string] if critical, |
nahi
/ null_bytes_in_san_cert.pem
Created
June 28, 2013 00:21
% ruby -ropenssl -e 'p OpenSSL::X509::Certificate.new(File.read("foo.pem")).extensions.first.to_der'
"0$\x06\x03U\x1D\x11\x04\x1D0\e\x82\x19www.example.com\x00.evil.com"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN CERTIFICATE----- | |
| MIIBmjCCAUSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwQDEUMBIGCgmSJomT8ixk | |
| ARkWBHNvbWUxFDASBgoJkiaJk/IsZAEZFgRzaXRlMRIwEAYDVQQDDAlTb21lIFNp | |
| dGUwHhcNMTMwNTI0MDA1MzUwWhcNMTMwNTI0MDA1MzUwWjBAMRQwEgYKCZImiZPy | |
| LGQBGRYEc29tZTEUMBIGCgmSJomT8ixkARkWBHNpdGUxEjAQBgNVBAMMCVNvbWUg | |
| U2l0ZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCnY4jdC2xJja4+LIBk49M+n4h/ | |
| eJqZ4w1x2WGZIABIhA9rO9yZBGqyUgEHwGk4dzPv5vp1ANYDYLLTD9pltzKlAgMB | |
| AAGjKDAmMCQGA1UdEQQdMBuCGXd3dy5leGFtcGxlLmNvbQAuZXZpbC5jb20wDQYJ | |
| KoZIhvcNAQEFBQADQQCBLd3QLJv96/5kjrSnL0n6VRhyHrFudPCNsfG1/BUOCaCk | |
| kDlGeAyQDBqPk+SSOSlh1WlBZyiX+nmAgXdhuyge |
nahi
/ 0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch
Last active
December 19, 2015 02:09
Hostname check bypassing vulnerability in SSL client (CVE-2013-4073) patches.
0001-Hostname-check-bypassing-vulnerability-in-SSL-client.patch is for 2.0.
0001-Hostname-check-bypassing-vulnerability-in-SSL-client.ruby_1_9_3.patch is for 1.9.3. *UPDATE* The patches could cause SSL crash bug. Please apply https://gist.github.com/nahi/5934959, too.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From ddaf5b57bdc051ccc1161ec5273a59d30fc2fb72 Mon Sep 17 00:00:00 2001 | |
| From: Hiroshi Nakamura <nahi@ruby-lang.org> | |
| Date: Wed, 5 Jun 2013 23:14:16 +0900 | |
| Subject: [PATCH] Hostname check bypassing vulnerability in SSL client | |
| (CVE-2013-4073) | |
| Ruby's SSL client implements hostname identity check but the OpenSSL | |
| function it depends cannot properly handle hostnames in subjectAltName | |
| that contain null bytes. The fix parses DER encoded bytes of | |
| subjectAltName to extract GeneralName of dNSName and check it against |
nahi
/ gist:4449729
Last active
December 10, 2015 14:49
You can create auto-encoding-detection version with your favorite logic. i.e. super(rhs.force_encoding(mydetect(rhs)))
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'refinement' | |
| module StringForceEncodingConcat | |
| refine String do | |
| def +(rhs) | |
| begin | |
| super | |
| rescue Encoding::CompatibilityError | |
| super(rhs.force_encoding(self.encoding)) | |
| end |
nahi
/ protected.rb
Created
October 15, 2012 22:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Node | |
| def eval(other) | |
| other.protected_method(self) | |
| end | |
| protected | |
| def protected_method(other) | |
| other | |
| end |
nahi
/ signed_request.json
Created
October 9, 2012 02:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "context": { | |
| "user": { | |
| "fullName": "Nakamura Hiroshi", | |
| "userId": "005x0000000KzS8AAK", | |
| "userName": "XXXX", | |
| "email": "XXXX", | |
| "profilePhotoUrl": "/profilephoto/005/F", | |
| ... | |
| }, |
nahi
/ JPACollision.java
Created
July 31, 2012 00:12
https://twitter.com/aumasson/status/229947172454551552
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class JPACollision { | |
| public static void main(String[] args) { | |
| byte[] bytes1 = new byte[] { | |
| 0x58, (byte) 0xa1, (byte) 0x82, 0x6c, 0x00, 0x00, (byte) 0xb1, 0x3b | |
| }; | |
| byte[] bytes2 = new byte[] { | |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
| }; | |
| byte[] bytes12 = concat(bytes1, bytes2); | |
| byte[] bytes21 = concat(bytes2, bytes1); |
nahi
/ gist:2951537
Created
June 19, 2012 00:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % cat Switch.java | |
| public class Switch { | |
| public static void main(String[] args) { | |
| switch(args[0]) { | |
| case "abc": | |
| break; | |
| default: | |
| break; | |
| } | |
| } |
nahi
/ gist:2922421
Created
June 13, 2012 06:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % mkdir foo | |
| % echo 'p [__FILE__, __LINE__, File.read(File.expand_path("./baz.txt", File.dirname(__FILE__)))]' > foo/bar.rb | |
| % echo hello,world > foo/baz.txt | |
| % jar -cf foo.jar foo | |
| % rm -rf foo | |
| % jruby -e '$LOAD_PATH << "foo.jar"; require "foo/bar"' | |
| ["jar:file:foo.jar!/foo/bar.rb", 1, "hello,world\n"] | |
| % mkdir foo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this with trunk (Tested with ae4fa795) | |
| 1.upto(24).each do |size| | |
| p size | |
| File.open(IO::NULL, "w") do |w| | |
| File.open(__FILE__) do |r| | |
| buf = '' | |
| while !r.read(size, buf).nil? | |
| w << buf # It works when you remove this line. | |
| end | |
| end |
NewerOlder