Related vulnerabilities
Description
Demonstrating that SSLVerifySignedServerKeyExchange() is trivially testable.
Introduction
# TestableSecurity
This is a small proof-of-concept that lifts out the [vulnerable SSLVerifySignedServerKeyExchange()](http://support.apple.com/kb/HT6147) from Apple's libsecurity_ssl to demonstrate that the signing code is readily unit testable in isolation.
While there's been some talk that this bug wasn't easily tested, the code in question verifies signatures based on straightforward preconditions, and is readily testable for both positive and negative validation cases; there's no reason or excuse for it not being fully tested for:
* Incorrect clientRandom.
* Incorrect serverRandom.
* Incorrect signedParams.
* Incorrect signature (which is essentially equivalent to any of the above)
Try running the unit tests yourself, and then simply comment out the errant 'goto' to see the tests pass:

```c
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
//  goto fail;
```
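
The four negative cases listed above can be shown on a self-contained C model. This is an added example, not code from TestableSecurity or libsecurity_ssl: `buf_t`, `hash_update`, `verify_ske` and `failing_cases` are hypothetical names, FNV-1a stands in for SHA-1, and the "signature" is just the expected digest.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumptions: FNV-1a stands in for SHA-1, and the "signature" is simply the
 * expected digest rather than an RSA signature over it. */
typedef struct { const uint8_t *data; size_t len; } buf_t;

static int hash_update(uint32_t *h, buf_t b) {
    for (size_t i = 0; i < b.len; i++) { *h ^= b.data[i]; *h *= 16777619u; }
    return 0; /* 0 means success, matching the err != 0 checks on the page */
}
/* Hypothetical model of the verifier's control flow. duplicated_goto != 0
 * reproduces the second, unconditional jump: err is still 0 when it runs. */
int verify_ske(buf_t clientRandom, buf_t serverRandom, buf_t signedParams,
               uint32_t signature, int duplicated_goto) {
    int err;
    uint32_t h = 2166136261u;
    if ((err = hash_update(&h, clientRandom)) != 0)
        goto fail;
    if ((err = hash_update(&h, serverRandom)) != 0)
        goto fail;
    if ((err = hash_update(&h, signedParams)) != 0)
        goto fail;
    if (duplicated_goto)
        goto fail; /* skips the comparison below */
    err = (h == signature) ? 0 : -1;
fail:
    return err;
}

/* One positive case plus the README's four negative cases, on constructed
 * inputs; returns how many cases produced the wrong verdict. */
int failing_cases(int duplicated_goto) {
    /* bad differs from each input in one byte, so the digests must differ */
    static const uint8_t cr[] = "field:C", sr[] = "field:S",
                         sp[] = "field:P", bad[] = "field:X";
    buf_t CR = {cr, sizeof cr}, SR = {sr, sizeof sr},
          SP = {sp, sizeof sp}, BAD = {bad, sizeof bad};
    uint32_t sig = 2166136261u;
    hash_update(&sig, CR); hash_update(&sig, SR); hash_update(&sig, SP);
    int wrong = verify_ske(CR, SR, SP, sig, duplicated_goto) != 0;
    wrong += verify_ske(BAD, SR, SP, sig, duplicated_goto) == 0;
    wrong += verify_ske(CR, BAD, SP, sig, duplicated_goto) == 0;
    wrong += verify_ske(CR, SR, BAD, sig, duplicated_goto) == 0;
    wrong += verify_ske(CR, SR, SP, sig ^ 1u, duplicated_goto) == 0;
    return wrong;
}
int main(void) {
    printf("buggy: %d wrong, fixed: %d wrong\n", failing_cases(1), failing_cases(0));
    return 0;
}
```

The positive case passes in both variants, which is why only the negative cases expose the duplicated jump.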
File snapshot
```
[4.0K] /data/pocs/c13d180fb0ee7ed44262b591d40b82573a4e832d
├── [ 909] README.md
├── [4.0K] TestableSecurity
│   ├── [4.0K] en.lproj
│   │   └── [ 45] InfoPlist.strings
│   ├── [3.0K] libsecurity_ssl_bits.h
│   ├── [ 15K] libsecurity_ssl_bits.m
│   ├── [ 440] TestableSecurity.h
│   ├── [ 981] TestableSecurity-Info.plist
│   ├── [2.6K] TestableSecurity.m
│   └── [ 172] TestableSecurity-Prefix.pch
├── [4.0K] TestableSecurityTests
│   ├── [4.0K] en.lproj
│   │   └── [ 45] InfoPlist.strings
│   ├── [ 694] TestableSecurityTests-Info.plist
│   └── [1.2K] TestableSecurityTests.m
└── [4.0K] TestableSecurity.xcodeproj
    └── [ 19K] project.pbxproj

5 directories, 12 files
```