Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer #5364

Closed
wants to merge 1 commit into from
Closed

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer #5364

wants to merge 1 commit into from

Conversation

Scottmitch
Copy link
Member

Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:

  • Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed

Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.

@Scottmitch
OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer
bc8291c 
Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:
- Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed

Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.
@Scottmitch Scottmitch added this to the 4.0.37.Final milestone Jun 7, 2016
@Scottmitch Scottmitch self-assigned this Jun 7, 2016
@normanmaurer
Copy link
Member

Go for it!

Am 07.06.2016 um 17:58 schrieb Scott Mitchell notifications@github.com:

Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:

Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed
Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.

You can view, comment on, or merge this pull request online at:

#5364

Commit Summary

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer
File Changes

M handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java (71)
Patch Links:

https://github.com/netty/netty/pull/5364.patch
https://github.com/netty/netty/pull/5364.diff

You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@Scottmitch
Copy link
Member Author

Cherry-picked 4.1 (9e2c400) 4.0 (524156f)

@Scottmitch Scottmitch closed this Jun 7, 2016
@Scottmitch Scottmitch deleted the ssl_infinite_loop branch June 7, 2016 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Scottmitch Scottmitch

Labels
defect
Projects
None yet
Milestone
4.0.37.Final
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Scottmitch @normanmaurer