Fix unconstrained session cache growth in TLSv1.3 (3.1/3.0) #24044
Commits on Apr 5, 2024
Add a test for session cache handling
Repeatedly create sessions to be added to the cache and ensure we never exceed the expected size. Related to CVE-2024-2511
Commit f74d322
Extend the multi_resume test for simultaneous resumptions
Test what happens if the same session gets resumed multiple times at the same time - and one of them gets marked as not_resumable. Related to CVE-2024-2511
Commit 546e223
Fix unconstrained session cache growth in TLSv1.3
In TLSv1.3 we create a new session object for each ticket that we send. We do this by duplicating the original session. If SSL_OP_NO_TICKET is in use then the new session will be added to the session cache. However, if early data is not in use (and therefore anti-replay protection is being used), then multiple threads could be resuming from the same session simultaneously. If this happens and a problem occurs on one of the threads, then the original session object could be marked as not_resumable. When we duplicate the session object this not_resumable status gets copied into the new session object. The new session object is then added to the session cache even though it is not_resumable. Subsequently, another bug means that the session_id_length is set to 0 for sessions that are marked as not_resumable - even though that session is still in the cache. Once this happens the session can never be removed from the cache. When that object gets to be the session cache tail object the cache never shrinks again and grows indefinitely. CVE-2024-2511
Commit 61b3ddd
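As an added illustration (my own code, not OpenSSL's, and a deliberately simplified model of the cache behaviour the commit message above describes): a toy doubly-linked session cache whose eviction step skips any entry with a zero-length session id, beside an add routine that refuses not_resumable sessions up front. The struct layout, CACHE_MAX and simulate() are assumptions of this model, not OpenSSL identifiers.

```c
/* Toy model of the CVE-2024-2511 cache growth, not OpenSSL code. */
#include <stdlib.h>

#define CACHE_MAX 4  /* assumed cache size for the demo */

struct session {
    size_t id_len;            /* 0 models the coupled bug: not_resumable => id length 0 */
    int not_resumable;
    struct session *prev, *next;  /* next points towards the tail (oldest) */
};
struct cache { struct session *head, *tail; size_t count; };

/* Eviction as described in the commit message: a tail entry whose
 * session id length is 0 is never removed, so the cache stops shrinking. */
static int evict_tail(struct cache *c)
{
    struct session *s = c->tail;
    if (s == NULL || s->id_len == 0)
        return 0;
    c->tail = s->prev;
    if (c->tail) c->tail->next = NULL; else c->head = NULL;
    c->count--;
    free(s);
    return 1;
}

/* Buggy path: any session is inserted, including a not_resumable duplicate. */
static void add_session_buggy(struct cache *c, struct session *s)
{
    s->prev = NULL; s->next = c->head;
    if (c->head) c->head->prev = s; else c->tail = s;
    c->head = s; c->count++;
    while (c->count > CACHE_MAX && evict_tail(c))
        ;
}

/* Hardened path: reject not_resumable sessions and empty ids before caching. */
static int add_session_fixed(struct cache *c, struct session *s)
{
    if (s->not_resumable || s->id_len == 0) { free(s); return 0; }
    add_session_buggy(c, s);  /* insertion itself is fine once the check is made */
    return 1;
}

/* Insert n sessions; the third one is marked not_resumable. Returns final size. */
size_t simulate(int fixed, int n)
{
    struct cache c = {0};
    for (int i = 0; i < n; i++) {
        struct session *s = calloc(1, sizeof *s);
        s->not_resumable = (i == 2);
        s->id_len = s->not_resumable ? 0 : 32;
        if (fixed) add_session_fixed(&c, s); else add_session_buggy(&c, s);
    }
    size_t n_final = c.count;
    while (c.head) { struct session *t = c.head->next; free(c.head); c.head = t; }
    return n_final;
}
```

With the buggy path the two sessions older than the not_resumable one are evicted normally, after which it becomes the tail and every later session accumulates; the hardened path stays at CACHE_MAX.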
Commit bf4a323
Hardening around not_resumable sessions
Make sure we can't inadvertently use a not_resumable session. Related to CVE-2024-2511
Commit c3e0159
Add a test for session cache overflow
Test sessions behave as we expect even in the case that an overflow occurs when adding a new session into the session cache. Related to CVE-2024-2511
Commit f0f54b0
Commit d37a821
Commit d1674b9
Commit b72b89f
Commit 4e8e9c4
Commit a0fcd04