Closed
Bug 540535
Opened 15 years ago
Closed 12 years ago
crash in libssl when cache is disabled and attempting sending an alert to a client that has provided revoked cert
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.14
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details
(Keywords: crash, Whiteboard: [has unreviewed patch][does not affect clients])
Attachments
(1 file, 2 obsolete files)
1.79 KB,
patch
|
Details | Diff | Splinter Review |
The problem is reproducible using selfserv with -N(disable cache) argument. An attempt to establish a connection that requires client auth will result in server crash provided that a client responded with invalid certificate. selfserv -D -p 10443 -d ../server -n <host cert> -B -s -w nss -i ../tests_pid.42202 -r -r -N strsclnt -q -p 10443 -d ../client -B -s -w nss -c 1000 -C c -T <host> Stack: (gdb) where #0 0x00000000 in ?? () #1 0x0005f41a in SSL3_SendAlert (ss=0x831800, level=alert_fatal, desc=certificate_revoked) at ssl3con.c:2528 #2 0x0006a979 in ssl3_HandleCertificate (ss=0x831800, b=0x7da26f "\020", length=0) at ssl3con.c:7896 #3 0x0006be02 in ssl3_HandleHandshakeMessage (ss=0x831800, b=0x7da004 "", length=619) at ssl3con.c:8424 #4 0x0006c2b2 in ssl3_HandleHandshake (ss=0x831800, origBuf=0x831a4c) at ssl3con.c:8548 #5 0x0006ce62 in ssl3_HandleRecord (ss=0x831800, cText=0xb0100000, databuf=0x831a4c) at ssl3con.c:8863 #6 0x0006df98 in ssl3_GatherCompleteHandshake (ss=0x831800, flags=0) at ssl3gthr.c:206 #7 0x00070c0a in ssl_GatherRecord1stHandshake (ss=0x831800) at sslcon.c:1258 #8 0x0007bdd9 in ssl_Do1stHandshake (ss=0x831800) at sslsecur.c:151 #9 0x0007dcc6 in ssl_SecureRecv (ss=0x831800, buf=0xb010045c "GET /abc HTTP/1.0\r\n\r\n", len=10239, flags=0) at sslsecur.c:1141 #10 0x0007dda4 in ssl_SecureRead (ss=0x831800, buf=0xb010045c "GET /abc HTTP/1.0\r\n\r\n", len=10239) at sslsecur.c:1160 #11 0x000858b3 in ssl_Read (fd=0x429ba0, buf=0xb010045c, len=10239) at sslsock.c:1620 #12 0x003a2691 in PR_Read (fd=0x429ba0, buf=0xb010045c, amount=10239) at ../../../../pr/src/io/priometh.c:141 #13 0x00003336 in handle_connection (tcp_sock=0x429ba0, model_sock=0x402fb0, requestCert=2) at selfserv.c:1131 #14 0x000025f4 in jobLoop (a=0x0, b=0x0, c=2) at selfserv.c:609 #15 0x000024ae in thread_wrapper (arg=0x42828c) at selfserv.c:578 #16 0x003c75a7 in _pt_root (arg=0x428510) at ../../../../pr/src/pthreads/ptthread.c:228 #17 0x9228b155 in _pthread_start () #18 0x9228b012 in thread_start () The problem is that the code assumes that pointers of cache and uncache functions are always initialized.
Updated•15 years ago
|
Attachment #422291 -
Attachment is patch: true
Attachment #422291 -
Attachment mime type: application/octet-stream → text/plain
Assignee | ||
Updated•14 years ago
|
Priority: -- → P2
Target Milestone: 3.12.1 → 3.12.7
Comment 1•14 years ago
|
||
Alexei, are you intending to have this reviewed? see https://developer.mozilla.org/en/Code_Review_FAQ and http://www.mozilla.org/about/owners.html
Updated•14 years ago
|
Target Milestone: 3.12.7 → 3.12.9
Comment 2•14 years ago
|
||
NSS user 'passfree' reported in the mozilla-dev-tech-crypto newsgroup that ssl3_HandleAlert may crash in a similar way when an SSL server receives a fatal alert from a client due to a server certificate error: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.149&mark=2663-2664#2663 We should add a similar null pointer check for ss->sec.uncache. A possible alternative fix is to initialize the global variables ssl_sid_cache to ServerSessionIDCache, ssl_sid_uncache to ServerSessionIDUncache, etc. But I guess we can't use ServerSessionIDCache and ServerSessionIDUncache until the server session ID cache has been initialized. So perhaps the null pointer checks are the right fix.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 3•14 years ago
|
||
passfree's problem is due to running an SSL server socket in a process where the SSL server cache is uninitialized. LOTS of bad things will happen in that case. The uncache value being initialized with NULL is just the tip of the iceberg. There already is code to initialize the global variable ssl_sid_cache. That code gets called when the sid cache is initialized. But in Firefox, it is never initialized. The moral of this story is: Don't use SSL server sockets without initializing NSS for use in a server. BTW, Mozilla plans to remove (ifdef out) SSL server socket support completely from their builds of libSSL, so use of server-side SSL sockets in Mozilla is inadvisable, IMO.
What are the consequences of using dummy cache and uncache functions within NSS? my tests show so far no problems what so ever, but of course I do not fully understand NSS. Ripping off a valid function from firefox for no apparent reason is a bad move, imho. I agree that the there are limited use cases for SSL server sockets at the moment. However, I believe that my module can quickly change that. In particular, it will make projects such as POW, a lot simpler to develop. SSL server and client sockets can also be used as part of other protocols different than HTTP and to enable a plethora of other xulrunner applications.
Comment 5•14 years ago
|
||
I found the previous work on this problem: bug 237724. We should treat this bug as a continuation of that work. In bug 237724, we added a null pointer check for ss->sec.cache in ssl3_HandleFinished, but more important, we added code to fail with the SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED error code if the server session ID cache is not configured. This bug shows that the detection of unconfigured server session ID cache in ssl3_HandleClientHello is incomplete. It is only done under some conditions: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.149&mark=6122-6124,6130,6134#6117 We should change ssl3_HandleClientHello to always check if the server session ID cache is configured. Then, we can consider either removing the null pointer check for ss->sec.cache (from ssl3_HandleFinished), or adding null pointer checks for ss->sec.uncache as Alexei and I proposed.
Updated•13 years ago
|
Whiteboard: [has unreviewed patch] → [has unreviewed patch][does not affect clients]
Updated•12 years ago
|
Target Milestone: 3.12.9 → 3.13.4
Updated•12 years ago
|
Target Milestone: 3.13.4 → 3.13.5
Updated•12 years ago
|
Attachment #422291 -
Attachment description: fix the problem only in one place. → fix the problem only in SSL3_SendAlert.
Comment 6•12 years ago
|
||
This patch by EKR fixes the problem described in comment 2, originally reported by passfree.
Comment 7•12 years ago
|
||
Don't call ss->sec.uncache() if the SSL_NO_CACHE option is enabled. I decided to test !ss->opt.noCache instead of ss->sec.uncache, in the hope that this will catch servers that forget to configure the SSL session ID cache. They will still crash unless they enable the SSL_NO_CACHE option to indicate they really don't want the SSL session ID cache. Patch checked in on the NSS trunk (NSS 3.13.5). Checking in ssl3con.c; /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v <-- ssl3con.c new revision: 1.177; previous revision: 1.176 done
Attachment #422291 -
Attachment is obsolete: true
Attachment #612089 -
Attachment is obsolete: true
Updated•12 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Target Milestone: 3.13.5 → 3.14
You need to log in
before you can comment on or make changes to this bug.
Description
•