websocket: fix incorrect TLS host verification

Previously after fetching a websocket connection endpoint from a DNS TXT record we were verifying the certificate against the name fetched from the record. This is incorrect and results in the ability to MITM the connection because if DNS is spoofed and the WSS endpoint is changed to evil.example.net we would verify that evil.example.net presented a valid certificate for itself, but not for good.example.net (or whatever the original address was expecting). Instead, verify the original address. This issue has been assigned CVE ID CVE-2022-24968. For more information see: https://mellium.im/cve/cve-2022-24968/ Fixes #259 Signed-off-by: Sam Whited <sam@samwhited.com>
mellium · Feb 11, 2022 · 0d92aa4 · 0d92aa4
1 parent 938c44c
commit 0d92aa4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+### Security
+
+- websocket: fix an issue where the wrong hostname was validated in connections
+             made after looking up DNS TXT records, resulting in a potential
+             MITM. A CVE has been issued with the id [CVE-2022-24968].
+
+[CVE-2022-24968]: https://mellium.im/cve/cve-2022-24968/
+
+
 ## v0.21.0 — 2022-02-08
 
 ### Breaking

diff --git a/websocket/ws.go b/websocket/ws.go
@@ -61,7 +61,7 @@ func NewClient(ctx context.Context, origin, location string, addr jid.JID, rwc i
 	d := Dialer{
 		Origin: origin,
 	}
-	cfg, err := d.config(location)
+	cfg, err := d.config(addr.Domain().String(), location)
 	if err != nil {
 		return nil, err
 	}
@@ -190,7 +190,7 @@ func (d *Dialer) Dial(ctx context.Context, addr jid.JID) (net.Conn, error) {
 		if !d.InsecureNoTLS && strings.HasPrefix(u, "ws:") {
 			continue
 		}
-		cfg, err = d.config(u)
+		cfg, err = d.config(addr.Domain().String(), u)
 		if err != nil {
 			continue
 		}
@@ -209,14 +209,14 @@ func (d *Dialer) Dial(ctx context.Context, addr jid.JID) (net.Conn, error) {
 // implementation.
 // This may change in the future.
 func (d *Dialer) DialDirect(_ context.Context, addr string) (net.Conn, error) {
-	cfg, err := d.config(addr)
+	cfg, err := d.config(addr, addr)
 	if err != nil {
 		return nil, err
 	}
 	return websocket.DialConfig(cfg)
 }
 
-func (d *Dialer) config(addr string) (cfg *websocket.Config, err error) {
+func (d *Dialer) config(remoteAddr, addr string) (cfg *websocket.Config, err error) {
 	cfg, err = websocket.NewConfig(addr, d.Origin)
 	if err != nil {
 		return nil, err
@@ -225,7 +225,7 @@ func (d *Dialer) config(addr string) (cfg *websocket.Config, err error) {
 	cfg.TlsConfig = d.TLSConfig
 	if cfg.TlsConfig == nil {
 		cfg.TlsConfig = &tls.Config{
-			ServerName: cfg.Location.Host,
+			ServerName: remoteAddr,
 			MinVersion: tls.VersionTLS12,
 		}
 	}