Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

s_server: Report an error if init-connection fails without an attempt to read #18154

Closed
wants to merge 3 commits into from
Closed

s_server: Report an error if init-connection fails without an attempt to read #18154

wants to merge 3 commits into from

Conversation

faramir-dev
Copy link
Contributor

…connection.

Fixes #18047.

Checklist
  • documentation is added or updated
  • tests are added or updated

@faramir-dev faramir-dev self-assigned this Apr 22, 2022
@bernd-edlinger
Copy link
Member

note the typo in the commit message

@t8m
Copy link
Member

t8m commented Apr 22, 2022

Have you verified that this won't break s_server if for example in dtls mode if client sends some broken client hello or some combination of algorithms the server does not support?

@t8m t8m changed the title s_serve: Report an error if non-recoverable error occurs in init_ssl_connection s_server: Report an error if non-recoverable error occurs in init_ssl_connection Apr 25, 2022
@faramir-dev faramir-dev force-pushed the daniel/18047 branch 2 times, most recently from 2deda1d to 923d521 Compare April 26, 2022 06:33
@faramir-dev faramir-dev changed the title s_server: Report an error if non-recoverable error occurs in init_ssl_connection s_server: Report an error if there are too many init-connection failures. Apr 26, 2022
@t8m
Copy link
Member

t8m commented Apr 26, 2022

There is one more way how you could possibly solve this issue. Set a callback function on the read bio with BIO_set_callback_ex() and if the callback is not called during the init connection call, it means the failure does not have anything with the connection attempt.

@faramir-dev faramir-dev changed the title s_server: Report an error if there are too many init-connection failures. s_server: s_serve: Report an error if init-connection fails without an attempt to read Apr 29, 2022
@faramir-dev faramir-dev changed the title s_server: s_serve: Report an error if init-connection fails without an attempt to read s_server: Report an error if init-connection fails without an attempt to read Apr 29, 2022
t8m
t8m reviewed Apr 29, 2022
View reviewed changes
apps/s_server.c Outdated

if (s_debug) {
BIO_set_callback_arg(bio, (char* )bio_s_out);
bio_dump_callback(bio, cmd, argp, len, argi, argl, ret, processed);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the bio_dump_callback() does not modify the ret value we should do here ret = (int)bio_dump....

t8m
t8m reviewed Apr 29, 2022
View reviewed changes
apps/s_server.c Outdated
if (s_debug) {
BIO_set_callback_arg(bio, (char* )bio_s_out);
bio_dump_callback(bio, cmd, argp, len, argi, argl, ret, processed);
BIO_set_callback_arg(bio, (char* )p_counter);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be (char *)

t8m
t8m reviewed Apr 29, 2022
View reviewed changes
apps/s_server.c Outdated
static long count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len,
int argi, long argl, int ret, size_t *processed)
{
unsigned *p_counter = (unsigned*)BIO_get_callback_arg(bio);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(unsigned *)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make this unsigned int * rather than just unsigned *

mattcaswell
mattcaswell requested changes Apr 29, 2022
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Some minor nits below

apps/s_server.c Outdated
}

if (s_debug) {
BIO_set_callback_arg(bio, (char* )bio_s_out);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(char *)

apps/s_server.c Outdated
static long count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len,
int argi, long argl, int ret, size_t *processed)
{
unsigned *p_counter = (unsigned*)BIO_get_callback_arg(bio);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make this unsigned int * rather than just unsigned *

apps/s_server.c Outdated
* It helps us to recognise configuration errors and errors
* caused by a client.
*/
unsigned read_counter = 0;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsigned int read_counter = 0;

@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch labels May 2, 2022
paulidale
paulidale approved these changes May 3, 2022
View reviewed changes
Copy link
Contributor

@paulidale paulidale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with the style nits fixed and possible with the changed comment (or a not changed comment).

apps/s_server.c Show resolved Hide resolved
apps/s_server.c Outdated Show resolved Hide resolved
apps/s_server.c Outdated
@@ -2328,6 +2328,30 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}

static long count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we're being pedantic about the int part: long int.

@t8m
Copy link
Member

t8m commented May 4, 2022

@faramir-dev ping for fixups

@t8m
Copy link
Member

t8m commented May 5, 2022

@paulidale still OK?

@mattcaswell mattcaswell added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels May 5, 2022
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels May 6, 2022
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request May 6, 2022
@faramir-dev @t8m
s_serve: Report an error if init-connection fails without an attempt …
a6d52f1 
…to read.

Fixes: #18047.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18154)
openssl-machine pushed a commit that referenced this pull request May 6, 2022
@faramir-dev @t8m
s_serve: Report an error if init-connection fails without an attempt …
8b63b17 
…to read.

Fixes: #18047.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18154)

(cherry picked from commit a6d52f1)
@t8m t8m removed the branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch label May 6, 2022
@t8m
Copy link
Member

t8m commented May 6, 2022

Merged to master and 3.0 branches. Thank you.

It needs adjustments for 1.1.1. @faramir-dev could you please create a backported PR for 1.1.1?

@t8m t8m closed this May 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

@paulidale paulidale paulidale approved these changes

Assignees

@faramir-dev faramir-dev

Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

s_server infinite loop bug
6 participants
@faramir-dev @bernd-edlinger @t8m @openssl-machine @mattcaswell @paulidale