TLS server corrupts large client responses

[jesskfullwood]

Got a strange one. I'm using hyper as a simple proxy. I have an EC2 instance running on HTTPS. When I contact the server, it uses the hyper client to download data from another (external) source, and sends it back as a response.

My service function has the signature

fn service(
    mut req: Request<hyper::Body>,
) -> impl Future<Item = Response<Body>, Error = Error> + Send

And since the client ResponseFuture implements Future<Item=Response<Body> I was just returning the future directly. However I found that large payloads (~1MB) were getting corrupted in strange ways. Certain sections of the payload were being duplicated and/or sent out-of-order (but usually the first 100KB or so were correct). This problem only seemed to occur when both the server and the external server were contacted through TLS - if either used HTTP the problem went away.

I worked around the problem by concatenating the response body before returning it.

resp.and_then(|resp| {
    let (parts, body) = resp.into_parts();
   body.concat2().map(|body| {
        let body = Body::from(body);
        Response::from_parts(parts, body)
    })
})

That seemed to fix it.

Stack:

hyper = "0.12.8"
hyper-tls = "0.3.0"
rustls = "0.13.0"
tokio = "0.1.7"
tokio-rustls = "0.7.1"
tokio-tcp = "0.1.1"

[sfackler]

Try turning off http1_writev: https://docs.rs/hyper/0.12.8/hyper/server/conn/struct.Http.html#method.http1_writev. The TLS-wrapped stream doesn't support vectorized writes while a normal TcpStream does, and there could be a bug in some of the fallback code.

[jesskfullwood]

Thanks for you suggestion. However, changing the http1_writev setting made no difference.

After testing a little more carefully I have concluded that it doesn't matter whether the external request is HTTP or HTTPS, it will still be corrupted if the server is using TLS (and succeed otherwise).

To be clear, the server handshakes all succeed and the headers all seem in order. It is just the payload body that is corrupted.

[bluetech]

actix-web has a similar-sounding issue, it might be related: actix/actix-web#454

[seanmonstar]

I see two TLS dependencies, does it happen with both? If so, that'd imply the bug is in hyper. If only one, that'd imply the bug is in that TLS lib.

[quininer]

I think here needs your help. @ctz

[jesskfullwood]

@seanmonstar Well spotted, it seems I was using rustls for the server and hyper-tls for the client (client is pretty much copy-pasta of https://github.com/hyperium/hyper-tls/blob/dc8a13409b753ce212aada925ad5edb58e185349/examples/client.rs) But the errors occurred whether the external call was http or https so I think we can rule out errors in hyper-tls.

I'll try to set up a reproduction.

[jesskfullwood]

I couldn't reproduce the problem locally (with a self signed cert) so I ssh'd into the EC2 box and tested it 'locally' on the server with curl, and the problem disappeared. I ssh'd into a different EC2 instance and tested it from there and the problem reappeared. So it only seems to happen when serving external requests.

[seanmonstar]

In the linked actix issue, it appears they also noticed that switching to openssl fixed it, suggesting there might be a bug in rustls. I don't know if there is already a ticket open there.

[jesskfullwood]

I've made a repro here - https://github.com/jesskfullwood/hyper-proxy-bug. Unfortunately you need a spare server to deploy it. Agree rustls seems the likely culprit.

[ctz]

Thanks for the repro, I'll look at this asap

[DoumanAsh]

JFYI I actually struggled to reproduce the issue on my windows machine(though I didn't check release mode as I doubt there is platform dependent code)

UPD: it does happen to me only in release mode

[neowutran]

Probably the same bug:

actix/actix-web#438 (comment)

OpenSSL -> OK
Rustls -> Nop

Cannot be reproduced on localhost, you need a spare server to deploy it.

[ctz]

I can reproduce this, and echo the difficulty getting a reproduction over loopback. The discontinuities seem to be non-deterministic, too. So I'm currently thinking the bug is happening only when TCP buffers get filled, and then somewhere backpressure goes wrong. Still looking.

[sanmai-NL]

Does TCP_NODELAY mediate the issue?

[ctz]

I've dumped the plaintext data going into rustls and it's pretty clearly going wrong before there:

$ tail plaintext.14.dat 
16114
16115
16116
16117
16118
16119
16120
16121
16122
161
$ head plaintext.15.dat 
4762
14763
14764
14765
14766
14767
14768
14769
14770
14771

These are two sequential writes, so 'plaintext.15.dat' should've started 23\r\n16124. However plaintext.14.dat is a prefix of plaintext.15.dat, so it feels like something is failing to move a buffer along somewhere.