Probably memory leak on handshake when KTLS enabled
Xinzhe Wang
matrixwxz at gmail.com
Fri Jun 12 11:09:56 UTC 2020
$ valgrind --leak-check=full ./client
==18674== Memcheck, a memory error detector
==18674== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18674== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright
info
==18674== Command: ./client
==18674==
ZS\!Uڃȕe;+UbH1XF
汹Sj
aETg[Y
.Error creating SSL connection. err=ffffffff
error:14000126:SSL routines::unexpected eof while reading
==18674==
==18674== HEAP SUMMARY:
==18674== in use at exit: 942,770 bytes in 3,508 blocks
==18674== total heap usage: 372,389 allocs, 368,881 frees, 116,999,626
bytes allocated
==18674==
==18674== 865,305 (159,600 direct, 705,705 indirect) bytes in 21 blocks are
definitel
y lost in loss record 222 of 222
==18674== at 0x483977F: malloc (vg_replace_malloc.c:307)
==18674== by 0x4AB7709: CRYPTO_zalloc (in /usr/local/lib/libcrypto.so.3)
==18674== by 0x487F015: SSL_new (in /usr/local/lib/libssl.so.3)
==18674== by 0x109597: main (in /client)
==18674==
==18674== LEAK SUMMARY:
==18674== definitely lost: 159,600 bytes in 21 blocks
==18674== indirectly lost: 705,705 bytes in 3,276 blocks
==18674== possibly lost: 0 bytes in 0 blocks
==18674== still reachable: 77,465 bytes in 211 blocks
==18674== suppressed: 0 bytes in 0 blocks
==18674== Reachable blocks (those to which a pointer was found) are not
shown.
==18674== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==18674==
==18674== For lists of detected and suppressed errors, rerun with: -s
==18674== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Dmitry Belyavsky <beldmit at gmail.com> 于2020年6月12日周五 下午6:24写道:
> Could you please try to re-run the client via Valgrind?
>
> On Fri, Jun 12, 2020 at 7:03 AM Xinzhe Wang <matrixwxz at gmail.com> wrote:
>
>> When KTLS is enabled, multiple client's handshake will lead to unexpected
>> eof while reading and data corrupt(possible memory leak).
>>
>> Tested OpenSSL version: master, 3.0.0-alpha1
>> Kernel version: 5.4.43-1-MANJARO
>> Reproduce step(using docker):
>>
>> sudo modprobe tls
>> git clone https://github.com/openssl/openssl.git
>> sudo docker run -it -v $(pwd)/openssl:/openssl archlinux
>>
>> # [In docker]
>> pacman -Sy make gcc vim
>> cd openssl
>> ./config enable-ktls
>> make build_sw -j4
>> pacman -Rdd openssl
>> make install_sw
>>
>> cd /
>> vim server.cpp
>> # https://paste.ubuntu.com/p/fyhr6dDR7G/
>> vim client.cpp
>> # https://paste.ubuntu.com/p/P2DjwWhTkf/
>> vim server.pem
>> # https://paste.ubuntu.com/p/QttnVGsVSm/
>> vim serverkey.pem
>> # https://paste.ubuntu.com/p/g6QR84wSfw/
>>
>> g++ -c -o client.o client.cpp
>> g++ -o client client.o -lssl -lcrypto
>> g++ -c -o server.o server.cpp
>> g++ -o server server.o -lssl -lcrypto
>> export LD_LIBRARY_PATH=/usr/local/lib
>> ./server &
>> ./client
>>
>>
>> You will see like this
>>
>> FP
>> Vtest test
>> test
>> test
>> Mljtest test
>> test
>> test
>> test
>> test
>> test
>> test
>> Error creating SSL connection. err=ffffffff
>> error:14000126:SSL routines::unexpected eof while reading
>>
>> When OpenSSL is compiled without ktls, the client will print test
>> infinitely, but when enable ktls, some data are corrupted and sometimes
>> result in unexpected eof while reading.
>>
>> Even when you remove SSL_write(ssl, reply, strlen(reply)); in server and
>> RecvPacket(); in client, it will also result in unexpected eof while
>> reading so I think there is something wrong with handshake procedure when
>> ktls is enabled, maybe memory leak or UAF.
>>
>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200612/34ec5f59/attachment.html>
More information about the openssl-users
mailing list