[openssl-project] update on sporadic test failures

Richard Levitte levitte at openssl.org
Fri Jan 12 13:26:50 UTC 2018 

In message <AM5PR0701MB265769F9AFA0241649A437DDE4170 at AM5PR0701MB2657.eurprd07.prod.outlook.com> on Fri, 12 Jan 2018 12:56:59 +0000, Bernd Edlinger <bernd.edlinger at hotmail.de> said:

bernd.edlinger> Hi Richard,
bernd.edlinger> 
bernd.edlinger> I am not sure if the missing packet may be split between two sysreads,
bernd.edlinger> if that is possible may depend on the linux version.
bernd.edlinger> 
bernd.edlinger> I used:
bernd.edlinger> 
bernd.edlinger> Linux version 3.13.0-139-lowlatency (buildd at lgw01-amd64-031) (gcc 
bernd.edlinger> version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #188-Ubuntu SMP PREEMPT 
bernd.edlinger> Tue Jan 9 15:04:54 UTC 2018
bernd.edlinger> 
bernd.edlinger> 
bernd.edlinger> However, if I reduce the buffer space, the test fails every time:
bernd.edlinger> 
bernd.edlinger> diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
bernd.edlinger> index 99b0ded..b436388 100644
bernd.edlinger> --- a/util/perl/TLSProxy/Proxy.pm
bernd.edlinger> +++ b/util/perl/TLSProxy/Proxy.pm
bernd.edlinger> @@ -304,12 +304,12 @@ sub clientstart
bernd.edlinger>           }
bernd.edlinger>           foreach my $hand (@ready) {
bernd.edlinger>               if ($hand == $server_sock) {
bernd.edlinger> -                $server_sock->sysread($indata, 16384) or goto END;
bernd.edlinger> +                $server_sock->sysread($indata, 16) or goto END;
bernd.edlinger>                   $indata = $self->process_packet(1, $indata);
bernd.edlinger>                   $client_sock->syswrite($indata);
bernd.edlinger>                   $ctr = 0;
bernd.edlinger>               } elsif ($hand == $client_sock) {
bernd.edlinger> -                $client_sock->sysread($indata, 16384) or goto END;
bernd.edlinger> +                $client_sock->sysread($indata, 16) or goto END;
bernd.edlinger>                   $indata = $self->process_packet(0, $indata);
bernd.edlinger>                   $server_sock->syswrite($indata);
bernd.edlinger>                   $ctr = 0;
bernd.edlinger> 
bernd.edlinger> I could imagine that the system returns either a partial message
bernd.edlinger> or both at once under stress.

Unfortunately, that's mostly a red herring, as the proxy message
unpacker doesn't react well with partial messages:

    Received server packet
    Packet length = 256
    Processing flight 3
     Record 1 (server -> client)
    Use of uninitialized value within %record_type in concatenation (.) or string at /home/levitte/gitwrk/openssl.net/official/_build/test/../../master/util/perl/TLSProxy/Record.pm line 89.
      Content type: 
    Use of uninitialized value within %tls_version in concatenation (.) or string at /home/levitte/gitwrk/openssl.net/official/_build/test/../../master/util/perl/TLSProxy/Record.pm line 90.
      Version: 
      Length: 1720 (expected), 251 (actual)
    
    Forwarded packet length = 256

I mean sure, it will forward the data it got in (I think), but the
test filters won't run properly, so tests may fail because of that

Something I worry about is that ' or goto END;', 'cause I see the
possibility that if one end closes but not the other, the proxy may
miss in some messages.  That may be the main reason why we don't see
that CloseNotify alert...  'cause say that the server stopped
communication for whatever reason, then $server_sock->sysread will
return undef, and we will jump out of that read/write loop and
possibly disregard one last message from the client...

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list