Blame SOURCES/jakarta-commons-httpclient-CVE-2014-3577.patch

e9ef6f
From 6f55656e288808437389f7d733e9a466fa5f0e2b Mon Sep 17 00:00:00 2001
e9ef6f
From: Michal Srb <msrb@redhat.com>
e9ef6f
Date: Tue, 12 Aug 2014 16:14:06 +0200
e9ef6f
Subject: [PATCH] Fix CVE-2014-3577
e9ef6f
e9ef6f
---
e9ef6f
 .../protocol/SSLProtocolSocketFactory.java         | 57 ++++++++++++++--------
e9ef6f
 1 file changed, 37 insertions(+), 20 deletions(-)
e9ef6f
e9ef6f
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
e9ef6f
index fa0acc7..e6ce513 100644
e9ef6f
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
e9ef6f
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
e9ef6f
@@ -44,9 +44,15 @@ import java.util.Iterator;
e9ef6f
 import java.util.LinkedList;
e9ef6f
 import java.util.List;
e9ef6f
 import java.util.Locale;
e9ef6f
-import java.util.StringTokenizer;
e9ef6f
+import java.util.NoSuchElementException;
e9ef6f
 import java.util.regex.Pattern;
e9ef6f
 
e9ef6f
+import javax.naming.InvalidNameException;
e9ef6f
+import javax.naming.NamingException;
e9ef6f
+import javax.naming.directory.Attribute;
e9ef6f
+import javax.naming.directory.Attributes;
e9ef6f
+import javax.naming.ldap.LdapName;
e9ef6f
+import javax.naming.ldap.Rdn;
e9ef6f
 import javax.net.ssl.SSLException;
e9ef6f
 import javax.net.ssl.SSLSession;
e9ef6f
 import javax.net.ssl.SSLSocket;
e9ef6f
@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
e9ef6f
 		return dots;
e9ef6f
 	}
e9ef6f
 
e9ef6f
-	private static String getCN(X509Certificate cert) {
e9ef6f
-        // Note:  toString() seems to do a better job than getName()
e9ef6f
-        //
e9ef6f
-        // For example, getName() gives me this:
e9ef6f
-        // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
e9ef6f
-        //
e9ef6f
-        // whereas toString() gives me this:
e9ef6f
-        // EMAILADDRESS=juliusdavies@cucbc.com        
e9ef6f
-		String subjectPrincipal = cert.getSubjectX500Principal().toString();
e9ef6f
-		
e9ef6f
-		return getCN(subjectPrincipal);
e9ef6f
-
e9ef6f
+	private static String getCN(final X509Certificate cert) {
e9ef6f
+		final String subjectPrincipal = cert.getSubjectX500Principal().toString();
e9ef6f
+		try {
e9ef6f
+			return extractCN(subjectPrincipal);
e9ef6f
+		} catch (SSLException ex) {
e9ef6f
+			return null;
e9ef6f
+		}
e9ef6f
 	}
e9ef6f
-	private static String getCN(String subjectPrincipal) {
e9ef6f
-		StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
e9ef6f
-		while(st.hasMoreTokens()) {
e9ef6f
-			String tok = st.nextToken().trim();
e9ef6f
-			if (tok.length() > 3) {
e9ef6f
-				if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
e9ef6f
-					return tok.substring(3);
e9ef6f
+
e9ef6f
+	private static String extractCN(final String subjectPrincipal) throws SSLException {
e9ef6f
+		if (subjectPrincipal == null) {
e9ef6f
+			return null;
e9ef6f
+		}
e9ef6f
+		try {
e9ef6f
+			final LdapName subjectDN = new LdapName(subjectPrincipal);
e9ef6f
+			final List<Rdn> rdns = subjectDN.getRdns();
e9ef6f
+			for (int i = rdns.size() - 1; i >= 0; i--) {
e9ef6f
+				final Rdn rds = rdns.get(i);
e9ef6f
+				final Attributes attributes = rds.toAttributes();
e9ef6f
+				final Attribute cn = attributes.get("cn");
e9ef6f
+				if (cn != null) {
e9ef6f
+					try {
e9ef6f
+						final Object value = cn.get();
e9ef6f
+						if (value != null) {
e9ef6f
+							return value.toString();
e9ef6f
+						}
e9ef6f
+					} catch (NoSuchElementException ignore) {
e9ef6f
+					} catch (NamingException ignore) {
e9ef6f
+					}
e9ef6f
 				}
e9ef6f
 			}
e9ef6f
+		} catch (InvalidNameException e) {
e9ef6f
+			throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
e9ef6f
 		}
e9ef6f
 		return null;
e9ef6f
 	}
e9ef6f
-- 
e9ef6f
1.9.3
e9ef6f