Probably memory leak on handshake when KTLS enabled
Xinzhe Wang
matrixwxz at gmail.com
Fri Jun 12 04:01:53 UTC 2020
When KTLS is enabled, multiple client's handshake will lead to unexpected
eof while reading and data corrupt(possible memory leak).
Tested OpenSSL version: master, 3.0.0-alpha1
Kernel version: 5.4.43-1-MANJARO
Reproduce step(using docker):
sudo modprobe tls
git clone https://github.com/openssl/openssl.git
sudo docker run -it -v $(pwd)/openssl:/openssl archlinux
# [In docker]
pacman -Sy make gcc vim
cd openssl
./config enable-ktls
make build_sw -j4
pacman -Rdd openssl
make install_sw
cd /
vim server.cpp
# https://paste.ubuntu.com/p/fyhr6dDR7G/
vim client.cpp
# https://paste.ubuntu.com/p/P2DjwWhTkf/
vim server.pem
# https://paste.ubuntu.com/p/QttnVGsVSm/
vim serverkey.pem
# https://paste.ubuntu.com/p/g6QR84wSfw/
g++ -c -o client.o client.cpp
g++ -o client client.o -lssl -lcrypto
g++ -c -o server.o server.cpp
g++ -o server server.o -lssl -lcrypto
export LD_LIBRARY_PATH=/usr/local/lib
./server &
./client
You will see like this
FP
Vtest test
test
test
Mljtest test
test
test
test
test
test
test
Error creating SSL connection. err=ffffffff
error:14000126:SSL routines::unexpected eof while reading
When OpenSSL is compiled without ktls, the client will print test
infinitely, but when enable ktls, some data are corrupted and sometimes
result in unexpected eof while reading.
Even when you remove SSL_write(ssl, reply, strlen(reply)); in server and
RecvPacket(); in client, it will also result in unexpected eof while
reading so I think there is something wrong with handshake procedure when
ktls is enabled, maybe memory leak or UAF.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200612/ecb6ca36/attachment.html>
More information about the openssl-users
mailing list