[Bug]: DoTls13HandShakeMsgType stack smashing in the wolfSSL 5.5.0 powered web server on aarch64 #5629

Closed
ynezz opened this issue Sep 24, 2022 · 9 comments

@ynezz

ynezz commented Sep 24, 2022

Contact Details

ynezz@true.cz

Version

5.4.0 and 5.5.0

Description

Several OpenWrt users have reported that the wolfSSL-powered HTTPS web server crashes when accessed from the Chrome 105 web browser. The issue happens with wolfSSL versions 5.4.0 and 5.5.0.

Reproduction steps

  1. run latest OpenWrt 22.03.0 release (wolfSSL 5.4.0) or latest development snapshot (wolfSSL 5.5.0) on aarch64 target
  2. use Chrome 105 web browser to access web user interface served over HTTPS

Relevant log output

```
Core was generated by `/usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -l /cgi-bin/luci -L /usr/lib'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000ffff8f0c72a0 in a_crash () at ./src/internal/atomic.h:250
250     ./src/internal/atomic.h: No such file or directory.
(gdb) bt
#0  0x0000ffff8f0c72a0 in a_crash () at ./src/internal/atomic.h:250
#1  __stack_chk_fail () at src/env/__stack_chk_fail.c:26
#2  0x0000ffff8ee76744 in DoTls13HandShakeMsgType (ssl=0xffff8ebec170, input=0xffff8ebd46e0 "\001", inOutIdx=<optimized out>, type=<optimized out>, size=<optimized out>, totalSz=<optimized out>) at src/tls13.c:9783
#3  0x0000ffff8ee1ce18 in DoTls13HandShakeMsg (totalSz=529, inOutIdx=0xffff8ebec414, input=0xffff8ebd46e0 "\001", ssl=0xffff8ebec170) at src/tls13.c:10074
#4  ProcessReplyEx (allowSocketErr=0, ssl=0xffff8ebec170) at src/internal.c:19337
#5  ProcessReply (ssl=0xffff8ebec170) at src/internal.c:18593
#6  0x0213021302130213 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
```

You can find tcpdumps and packet numbers leading to crashes in openwrt/luci#5962 (comment). I've tried to tcpreplay those, but I wasn't able to reproduce it, so probably some previous internal TLS v1.3 server process state triggers this issue?

@dgarske
Contributor

dgarske commented Sep 25, 2022

Hi @ynezz,

Thank you for this report. Have you tried with latest master? I've asked @rizlik to review this report. Please pull in @SparkiDev if needed.

Thanks, David Garske, wolfSSL

@ynezz
Author

ynezz commented Sep 26, 2022

> Have you tried with latest master?

@dgarske Unfortunately I'm not able to reproduce it myself, so I've just asked one of the affected users @kien-truong to help with that check.

@rizlik
Contributor

rizlik commented Sep 26, 2022

@ynezz
I also tried to reproduce with armvirt-64 and qemu without luck. The only similar target I have at hand is a Raspberry Pi 4 and I'll try to reproduce there.

@kien-truong

@ynezz I tried WolfSSL master from your patch, and Luci hasn't crashed so far. I also notice 1 thing odd about my Chrome TLS handshake: it has a duplicate in its Cipher Suite

Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)

There's a new commit in WolfSSL that seems related to this 79d85f6

@ynezz
Author

ynezz commented Sep 26, 2022

> and Luci hasn't crashed so far

Thanks for such a quick response, that's good news!

> There's a new commit in WolfSSL that seems related to this 79d85f6

And probably 5e945f9 ?

@kien-truong

It does seem possible to write past the end of the suites array in case of duplicates, before 5e945f9, thus corrupting the stack.
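
The failure mode described in the comment above, as an added example that is not part of the thread and is not wolfSSL's code: a simplified model of intersecting a server suite list with a client list into a fixed buffer. The function names, the sample lists and the assumption that the buffer is sized to the server list are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a server preference list and a client list in
 * which TLS_AES_256_GCM_SHA384 (0x1302) is repeated. */
static const uint8_t SERVER[] = {0x13,0x01, 0x13,0x02, 0x13,0x03};
static const uint8_t CLIENT[] = {0x13,0x02, 0x13,0x02, 0x13,0x01, 0x13,0x02};

/* Bytes an unchecked intersection loop would emit: one 2-byte entry per
 * (server, client) match, so every repeat of a client suite counts again. */
size_t unchecked_match_bytes(const uint8_t *srv, size_t srv_len,
                             const uint8_t *cli, size_t cli_len)
{
    size_t n = 0;
    for (size_t i = 0; i + 1 < srv_len; i += 2)
        for (size_t j = 0; j + 1 < cli_len; j += 2)
            if (srv[i] == cli[j] && srv[i + 1] == cli[j + 1])
                n += 2;
    return n;
}

static int has_suite(const uint8_t *list, size_t len, uint8_t a, uint8_t b)
{
    for (size_t k = 0; k + 1 < len; k += 2)
        if (list[k] == a && list[k + 1] == b) return 1;
    return 0;
}

/* Hardened intersection: rejects odd-length lists, skips suites already
 * selected, and never writes past cap. Returns bytes written, or -1. */
int refine_suites(const uint8_t *srv, size_t srv_len,
                  const uint8_t *cli, size_t cli_len, uint8_t *out, size_t cap)
{
    size_t n = 0;
    if (srv_len % 2 != 0 || cli_len % 2 != 0) return -1;
    for (size_t i = 0; i < srv_len; i += 2) {
        if (!has_suite(cli, cli_len, srv[i], srv[i + 1]) ||
            has_suite(out, n, srv[i], srv[i + 1]))
            continue;
        if (cap - n < 2) return -1;   /* bounds check before each write */
        out[n++] = srv[i]; out[n++] = srv[i + 1];
    }
    return (int)n;
}

int main(void)
{
    uint8_t out[sizeof SERVER];   /* assumption: buffer sized to server list */
    printf("unchecked: %zu bytes, hardened: %d bytes, buffer: %zu bytes\n",
           unchecked_match_bytes(SERVER, sizeof SERVER, CLIENT, sizeof CLIENT),
           refine_suites(SERVER, sizeof SERVER, CLIENT, sizeof CLIENT, out, sizeof out),
           sizeof out);
    return 0;
}
```

With the repeated suite, the unchecked loop would produce more bytes than the buffer holds, while the deduplicating, bounds-checked version stays within it.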

@ynezz
Author

ynezz commented Sep 27, 2022

@dgarske BTW are you going to request CVE# for this security issue having RCE potential?

ynezz added a commit to ynezz/openwrt that referenced this issue Sep 28, 2022
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: openwrt/luci#5962
References: wolfSSL/wolfssl#5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
@ynezz
Author

ynezz commented Sep 29, 2022

Fixed in 5.5.1.

ynezz closed this as completed Sep 29, 2022
@ynezz
Author

ynezz commented Sep 29, 2022

> @dgarske BTW are you going to request CVE# for this security issue having RCE potential?

CVE-2022-39173

openwrt-bot pushed a commit to lede-project/source that referenced this issue Sep 29, 2022

Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: openwrt/luci#5962
References: wolfSSL/wolfssl#5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>