<div dir="ltr">$ valgrind --leak-check=full ./client<br>
==18674== Memcheck, a memory error detector<br>
==18674== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.<br>
==18674== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info<br>
==18674== Command: ./client<br>
==18674==<br>
ZS\!Uڃȕe;+UbH1XF<br>
汹Sj<br>
aETg[Y<br>
<br>
.Error creating SSL connection.  err=ffffffff<br>
error:14000126:SSL routines::unexpected eof while reading<br>
==18674==<br>
==18674== HEAP SUMMARY:<br>
==18674==     in use at exit: 942,770 bytes in 3,508 blocks<br>
==18674==   total heap usage: 372,389 allocs, 368,881 frees, 116,999,626 bytes allocated<br>
==18674==<br>
==18674== 865,305 (159,600 direct, 705,705 indirect) bytes in 21 blocks are definitely lost in loss record 222 of 222<br>
==18674==    at 0x483977F: malloc (vg_replace_malloc.c:307)<br>
==18674==    by 0x4AB7709: CRYPTO_zalloc (in /usr/local/lib/libcrypto.so.3)<br>
==18674==    by 0x487F015: SSL_new (in /usr/local/lib/libssl.so.3)<br>
==18674==    by 0x109597: main (in /client)<br>
==18674==<br>
==18674== LEAK SUMMARY:<br>
==18674==    definitely lost: 159,600 bytes in 21 blocks<br>
==18674==    indirectly lost: 705,705 bytes in 3,276 blocks<br>
==18674==      possibly lost: 0 bytes in 0 blocks<br>
==18674==    still reachable: 77,465 bytes in 211 blocks<br>
==18674==
suppressed: 0 bytes in 0 blocks<br>
==18674== Reachable blocks (those to which a pointer was found) are not shown.<br>
==18674== To see them, rerun with: --leak-check=full --show-leak-kinds=all<br>
==18674==<br>
==18674== For lists of detected and suppressed errors, rerun with: -s<br>
==18674== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)<br></div><br>
<div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 12, 2020 at 6:24 PM Dmitry Belyavsky <<a href="mailto:beldmit@gmail.com">beldmit@gmail.com</a>> wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Could you please try to re-run the client via Valgrind?</div><br>
<div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 12, 2020 at 7:03 AM Xinzhe Wang <<a href="mailto:matrixwxz@gmail.com" target="_blank">matrixwxz@gmail.com</a>> wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">When KTLS is enabled, multiple client handshakes will lead to "unexpected eof while reading" and data corruption (possible memory leak).<br><br>
Tested OpenSSL version: master, 3.0.0-alpha1<br>
Kernel version: 5.4.43-1-MANJARO<br>
Reproduction steps (using docker):<br><br>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">sudo modprobe tls<br>
git clone <a href="https://github.com/openssl/openssl.git" target="_blank">https://github.com/openssl/openssl.git</a><br>
sudo docker run -it -v $(pwd)/openssl:/openssl archlinux<br><br>
# [In docker]<br>
pacman -Sy make gcc vim<br>
cd openssl<br>
./config enable-ktls<br>
make build_sw -j4<br>
pacman -Rdd openssl<br>
make install_sw<br><br>
cd /<br>
vim server.cpp<br>
# <a href="https://paste.ubuntu.com/p/fyhr6dDR7G/" target="_blank">https://paste.ubuntu.com/p/fyhr6dDR7G/</a><br>
vim client.cpp<br>
# <a href="https://paste.ubuntu.com/p/P2DjwWhTkf/" target="_blank">https://paste.ubuntu.com/p/P2DjwWhTkf/</a><br>
vim server.pem<br>
# <a href="https://paste.ubuntu.com/p/QttnVGsVSm/" target="_blank">https://paste.ubuntu.com/p/QttnVGsVSm/</a><br>
vim serverkey.pem<br>
# <a href="https://paste.ubuntu.com/p/g6QR84wSfw/" target="_blank">https://paste.ubuntu.com/p/g6QR84wSfw/</a><br><br>
g++ -c -o client.o client.cpp<br>
g++ -o client client.o -lssl -lcrypto<br>
g++ -c -o server.o server.cpp<br>
g++ -o server server.o -lssl -lcrypto<br>
export LD_LIBRARY_PATH=/usr/local/lib<br>
./server &<br>
./client</blockquote><br>
You will see something like this:<div><br>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">FP<br> Vtest test<br>test<br>test<br>Mljtest test<br>test<br>test<br>test<br>test<br>test<br>test<br>Error creating SSL connection.  err=ffffffff<br>error:14000126:SSL routines::unexpected eof while reading<br><br></blockquote>
<div>When OpenSSL is compiled without ktls, the client will print test infinitely, but when ktls is enabled, some data is corrupted and this sometimes results in "unexpected eof while reading".<br><br>
Even when you remove SSL_write(ssl, reply, strlen(reply)); in the server and RecvPacket(); in the client, it still results in "unexpected eof while reading", so I think there is something wrong with the handshake procedure when ktls is enabled, maybe a memory leak or UAF.</div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">SY, Dmitry Belyavsky</div>
</blockquote></div>