Re: ssl negotiation failed with Microsoft IIS

From: Eugene Mayevski (mayevski_at_eldos.org)
Date: 05/17/04


Date: Tue, 18 May 2004 00:21:19 +0300

Igor wrote:

> Eugene, I have searched the newsgroup but (feel really stupid) could not find your relevant posting.
> Could you please point it out more specifically?

Did you try your implementation with Java SSL-enabled servers? They have
the same bug in a more severe variant.

The bug is that some students in MS (and in Sun) didn't study well and
didn't learn that TCP is a stream protocol, not a message protocol. What
they assume is that if they read the data (an SSL packet) from the socket
with one call, then they either read the whole packet or they drop the
connection. They can fail when you write first the SSL packet header, then
the data and then the MAC, with more than one send() call. In this case
chances are that the recipient (IIS) will receive one or two pieces of the
three mentioned. The solution is to write all three pieces into one buffer
and send this buffer with one send() call.

-- 
Eugene Mayevski
EldoS Corp., CTO
Networking and security solutions, custom development services
http://www.eldos.com
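
The following is an added example, not code from the post or from any product it mentions. It shows the sender-side workaround described above (one buffer, one send() call) next to a receiver that loops until the whole record has arrived. All function names are hypothetical, the record bytes are constructed, and the 5-byte SSLv3/TLS record header layout (type, version, 16-bit length) is assumed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read exactly n bytes: on a stream socket recv() may return fewer. */
static int read_full(int fd, uint8_t *buf, size_t n) {
    for (size_t got = 0; got < n; ) {
        ssize_t r = recv(fd, buf + got, n - got, 0);
        if (r <= 0) return -1;               /* peer closed or error */
        got += (size_t)r;
    }
    return 0;
}

/* Read one record: 5-byte header (type, version, 16-bit length), then
 * `length` bytes of data+MAC. Returns payload length or -1. */
static int read_record(int fd, uint8_t *out, size_t cap) {
    uint8_t hdr[5];
    if (read_full(fd, hdr, sizeof hdr) != 0) return -1;
    size_t len = ((size_t)hdr[3] << 8) | hdr[4];
    if (len > cap) return -1;                /* refuse oversized records */
    return read_full(fd, out, len) == 0 ? (int)len : -1;
}

/* Sender-side workaround from the post: one buffer, one send() call. */
ssize_t send_coalesced(int fd, const uint8_t *hdr, const uint8_t *data,
                       size_t dlen, const uint8_t *mac, size_t mlen) {
    uint8_t buf[5 + 64];
    if (dlen + mlen > 64) return -1;         /* demo-sized buffer only */
    memcpy(buf, hdr, 5);
    memcpy(buf + 5, data, dlen);
    memcpy(buf + 5 + dlen, mac, mlen);
    return send(fd, buf, 5 + dlen + mlen, 0);
}

/* Constructed demo: *peek = bytes one recv() sees after the first send. */
int demo(int split, int *peek) {
    const uint8_t rec[11] = {23, 3, 0, 0, 6, 'D', 'A', 'T', 'A', 'M', 'C'};
    uint8_t out[64];
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (split) send(sv[0], rec, 5, 0);       /* header only, as in the post */
    else send_coalesced(sv[0], rec, rec + 5, 4, rec + 9, 2);
    *peek = (int)recv(sv[1], out, sizeof out, MSG_PEEK);
    if (split) { send(sv[0], rec + 5, 4, 0); send(sv[0], rec + 9, 2, 0); }
    int n = read_record(sv[1], out, sizeof out);   /* looping reader */
    close(sv[0]); close(sv[1]);
    return (n == 6 && memcmp(out, rec + 5, 6) == 0) ? n : -1;
}
```

With the split sender, a single recv() sees only the 5 header bytes, which is the case a one-call reader mishandles; read_record() recovers the full payload either way.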

