-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL crash when pointed at an echo server (fed it's own output back to input) #5367
Comments
Could you please provide a more concrete example of how to reproduce? The crash above is from an erlang server. The line pointed out to fail will not be executed by a client. |
Hi, I'm pretty much literally running the single command that I gave in the original comment above: Caveat that I'm reproducing this through the elixir repl, this is the complete repro:
To be clear, the remote server is a simple TCP echo server. It simply echos back whatever it gets. So I'm presuming this is getting the erlang SSL application super confused! (I suspect there is a bigger opportunity here, ie to add a fuzzer to the remote echo server. We may turn up all kinds of other interesting corner cases?) |
Humm ... well I think that I understand how this happened and I suspect that it would not happen if using TLS-1.2 (they run different state machine code). We will look into improving the gracefulness for TLS-1.3. |
* dgud/ssl/echo_error/GH-5367/OTP-17759: ssl: Improve error handling
Fixed merged |
This is a resend of an email to the erlang-help list, probably better here though:
in order to develop some simple elixir tcp apps I first created a simple echo server that runs on two ports, one protected by SSL and another on plain TCP.
By accident I tried to initiate an SSL connection to the (non ssl) tcp echo server port and found the following crash (please forgive the elixir syntax below). To be clear, this is the erlang SSL application basically being made to talk to itself, the far side just repeats back what it receives.
Obviously one shouldn't do this... However, perhaps someone would like to see if we can't catch the exception and return a nicer error?
(tested against: Erlang 24.1.3)
Example to repro below, but I think if one had an echo server running on localhost port 7 say, you could simply point the ssl application at that to reproduce
The text was updated successfully, but these errors were encountered: