LP #1521120: MySQL client Common Name validation may allow for MITM

**Reported in Launchpad by David Busby last update 17-03-2016 09:07:26

Due to a bug in how MySQL checks hostnames against X.509 certificates
an attacker on the network is able to execute a MITM attack.

The relevant code is here:

• https://github.com/mysql/mysql-server/blob/5.7/sql-common/client.c#L2660-L2680

• https://github.com/MariaDB/server/blob/10.1/sql-common/client.c#L1794-L1822

• https://github.com/webscalesql/webscalesql-5.6/blob/webscalesql-5.6.26/sql-common/client.c#L2251-L2271

• https://github.com/percona/percona-server/blob/5.6/sql-common/client.c#L1873-L1893

The issue is that MySQL uses string searches against OpenSSL's representation

of a Distinguished Name in order to discover the Common Name in a server's
certificate. It does this by looking for the string "/CN=" and going until the
next "/" is found.

OpenSSL does not perform any escaping of values in the DN however, so a
certificate for "haxor.com" with CN="haxor.com" and OU="/CN=example.com/" would
have ``X509_NAME_oneline`` return "/OU=/CN=example.com//CN=haxor.com/". The
code would incorrectly validate the certificate as being valid for example.com.
This applies whenever any field in the DN is encoded before the Common Name.

The correct solution is to use OpenSSL's structured APIs for examining
certificate information, rather than the string representation. The Common Name
of a certificate can be obtained using the ``X509_NAME_entry_count``,
``X509_NAME_get_entry``, ``X509_NAME_ENTRY_get_object``, and
``X509_NAME_ENTRY_get_data`` functions. Example code to accomplish this can be
found in the OpenSSL wiki:
https://wiki.openssl.org/index.php/Hostname_validation

This vulnerability was jointly discovered by Paul Kehrer of Rackspace and Alex
Gaynor of the United States Department of Veterans Affairs.

PS: As something of an aside, it would be more correct to check against
hostnames listed in the subjectAltName extension, instead of using the Common
Name.