Kernel panic for some types of tls certificates #1888

EvgeniiMekhanik · 2023-06-01T11:03:27Z

[tempesta fw] Warning: Vhost f35tfw.local doesn't have certificate with matching SAN/CN.
[ 3167.560013] Maybe that's fine, but it's worth checking the
[ 3167.560013] config - if there is no relations between the
[ 3167.560013] names, then host name confusion attack is possible.
[ 3167.561648] ------------[ cut here ]------------
[ 3167.561943] kernel BUG at /home/evgeny/workdir/tempesta/tls/pk.c:292!
[ 3167.562335] invalid opcode: 0000 [#1] SMP NOPTI
[ 3167.562602] CPU: 2 PID: 42705 Comm: sysctl Tainted: G OE 5.10.35+ #230
[ 3167.563070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 3167.563561] RIP: 0010:ttls_pk_setup+0x3c/0x50 [tempesta_tls]
[ 3167.563895] Code: 48 85 db 74 25 48 85 ed 74 20 48 83 3b 00 75 1a 48 8b 45 30 e8 65 98 04 e1 48 89 43 08 48 85 c0 74 0a 48 89 2b 31 c0 5b 5d c3 <0f> 0b b8 80 c0 ff ff eb f4 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
[ 3167.564969] RSP: 0018:ffffc900045cb9d8 EFLAGS: 00010286
[ 3167.565276] RAX: 0000000000000000 RBX: ffff888204b8aa08 RCX: 0000000000000002
[ 3167.565689] RDX: 000000000000000b RSI: ffffffffa0bcb0a0 RDI: ffff888204b8aa08
[ 3167.566103] RBP: ffffffffa0bcb0a0 R08: 0000000000000001 R09: ffffea0006b13208
[ 3167.566516] R10: ffffea00062dd980 R11: 0000000000000002 R12: 0000000000000321
[ 3167.566933] R13: 00000000ffffc29e R14: ffff888126fdb000 R15: ffffffffa0ccb4a0
[ 3167.567346] FS: 00007fcb0d8c3740(0000) GS:ffff888237c80000(0000) knlGS:0000000000000000
[ 3167.567835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3167.568170] CR2: 00007f9282437000 CR3: 0000000200294001 CR4: 0000000000770ee0
[ 3167.568589] PKRU: 55555554
[ 3167.568751] Call Trace:
[ 3167.568907] ttls_pk_parse_key+0xc0/0x280 [tempesta_tls]
[ 3167.569231] tfw_tls_set_cert_key+0xc5/0x120 [tempesta_fw]
[ 3167.569557] spec_handle_entry+0x58/0x80 [tempesta_fw]
[ 3167.569863] tfw_cfg_handle_children+0x122/0x1b0 [tempesta_fw]
[ 3167.570209] spec_handle_entry+0x58/0x80 [tempesta_fw]
[ 3167.570513] tfw_cfg_parse_mods+0x19a/0x200 [tempesta_fw]
[ 3167.570835] ? parse_cfg_entry+0xe1/0x8b0 [tempesta_fw]
[ 3167.571148] tfw_cfg_parse+0x49/0x80 [tempesta_fw]
[ 3167.571435] tfw_ctlfn_state_io+0x10a/0x310 [tempesta_fw]
[ 3167.571767] proc_sys_call_handler+0x141/0x260
[ 3167.572037] new_sync_write+0x11c/0x1b0
[ 3167.572269] vfs_write+0x1be/0x250
[ 3167.572473] ksys_write+0x5f/0xe0
[ 3167.572680] do_syscall_64+0x33/0x80
[ 3167.572898] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 3167.573200] RIP: 0033:0x7fcb0d9daa37

EvgeniiMekhanik · 2023-06-01T11:07:13Z

listen 443 proto=https;

cache 1;
cache_fulfill * *;

srv_group ngx_local {
        server 127.0.0.1:8000 conns_n=4;
}

vhost f35tfw.local {
        tls_certificate /home/evgeny/workdir/cert/RSA/cacert.pem;
        tls_certificate_key /home/evgeny/workdir/cert/RSA/pubkey.pem;

        #resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";

        proxy_pass ngx_local;
}

http_chain {
        -> f35tfw.local;
}

EvgeniiMekhanik · 2023-06-01T11:12:03Z

EvgeniiMekhanik · 2023-06-01T11:12:30Z

We should set `ctx->pk_info` to NULL in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

We should reinitialize `ctx` in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

krizhanovsky added TLS Tempesta TLS module and related issues bug crucial and removed crucial labels Jun 1, 2023

krizhanovsky added this to the 0.8 - Beta milestone Jun 1, 2023

EvgeniiMekhanik added a commit that referenced this issue Jun 1, 2023

Fix incorrect work of ttls_pk_free function

f1e6bae

We should set `ctx->pk_info` to NULL in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

EvgeniiMekhanik mentioned this issue Jun 1, 2023

Fix incorrect work of ttls_pk_free function #1890

Merged

krizhanovsky modified the milestones: 0.8 - Beta, 0.7 - HTTP/2 Jun 1, 2023

krizhanovsky assigned EvgeniiMekhanik Jun 1, 2023

EvgeniiMekhanik added a commit that referenced this issue Jun 5, 2023

Fix incorrect work of ttls_pk_free function

f70f628

We should set `ctx->pk_info` to NULL in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

EvgeniiMekhanik added a commit that referenced this issue Jun 5, 2023

Fix incorrect work of ttls_pk_free function

5011c0e

We should reinitialize `ctx` in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

EvgeniiMekhanik closed this as completed in #1890 Jun 6, 2023

EvgeniiMekhanik added a commit that referenced this issue Jun 6, 2023

Fix incorrect work of ttls_pk_free function

a4872c2

We should reinitialize `ctx` in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

krizhanovsky pushed a commit that referenced this issue Jun 16, 2023

Fix incorrect work of ttls_pk_free function

59ce312

We should reinitialize `ctx` in `ttls_pk_free` function to make `ctx` good for later usage. Closes #1888

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kernel panic for some types of tls certificates #1888

Kernel panic for some types of tls certificates #1888

EvgeniiMekhanik commented Jun 1, 2023 •

edited

Loading

EvgeniiMekhanik commented Jun 1, 2023 •

edited

Loading

EvgeniiMekhanik commented Jun 1, 2023

EvgeniiMekhanik commented Jun 1, 2023

Kernel panic for some types of tls certificates #1888

Kernel panic for some types of tls certificates #1888

Comments

EvgeniiMekhanik commented Jun 1, 2023 • edited Loading

EvgeniiMekhanik commented Jun 1, 2023 • edited Loading

EvgeniiMekhanik commented Jun 1, 2023

EvgeniiMekhanik commented Jun 1, 2023

EvgeniiMekhanik commented Jun 1, 2023 •

edited

Loading

EvgeniiMekhanik commented Jun 1, 2023 •

edited

Loading