Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer #5364

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
2 participants
@Scottmitch
Copy link
Member

commented Jun 7, 2016

Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:

  • Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed

Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer
Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:
- Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed

Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.

@Scottmitch Scottmitch added the defect label Jun 7, 2016

@Scottmitch Scottmitch added this to the 4.0.37.Final milestone Jun 7, 2016

@Scottmitch Scottmitch self-assigned this Jun 7, 2016

@normanmaurer

This comment has been minimized.

Copy link
Member

commented Jun 7, 2016

Go for it!

Am 07.06.2016 um 17:58 schrieb Scott Mitchell notifications@github.com:

Motivation:
CVE-2016-4970

OpenSslEngine.wrap calls SSL_write which may return SSL_ERROR_WANT_READ, and if in this condition there is nothing to read from the BIO the OpenSslEngine and SslHandler will enter an infinite loop.

Modifications:

Use the error code provided by OpenSSL and go back to the EventLoop selector to detect if the socket is closed
Result:
OpenSslEngine correctly handles the return codes from OpenSSL and does not enter an infinite loop.

You can view, comment on, or merge this pull request online at:

#5364

Commit Summary

OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer
File Changes

M handler/src/main/java/io/netty/handler/ssl/OpenSslEngine.java (71)
Patch Links:

https://github.com/netty/netty/pull/5364.patch
https://github.com/netty/netty/pull/5364.diff

You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@Scottmitch

This comment has been minimized.

Copy link
Member Author

commented Jun 7, 2016

Cherry-picked 4.1 (9e2c400) 4.0 (524156f)

@Scottmitch Scottmitch closed this Jun 7, 2016

@Scottmitch Scottmitch deleted the Scottmitch:ssl_infinite_loop branch Jun 7, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.