[
https://issues.apache.org/jira/browse/THRIFT-3061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Roger Meier reopened THRIFT-3061:
---------------------------------
> C++ TSSLSocket shutdown delay/vulnerability
> -------------------------------------------
>
> Key: THRIFT-3061
> URL: https://issues.apache.org/jira/browse/THRIFT-3061
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.8, 0.9, 0.9.1, 0.9.2
> Reporter: James E. King, III
> Assignee: Roger Meier
> Labels: OpenSSL, SSL
> Attachments: THRIFT-3061.patch
>
>
> In the C++ implementation of TSSLSocket, during close() the following code
> sequence is found:
> {noformat}
> void TSSLSocket::close() {
> if (ssl_ != NULL) {
> int rc = SSL_shutdown(ssl_);
> if (rc == 0) {
> rc = SSL_shutdown(ssl_);
> }
> {noformat}
> According to the OpenSSL documentation, while it is "nice" to attempt to
> shutdown SSL in this way, it is not required when the code is performing a
> unilateral shutdown (meaning the underlying connection will be closed). It
> is only necessary to call SSL_Shutdown twice like this if the socket (and
> configured SSL therein) is going to be reused.
> It is possible to have a misbehaving client that does not handle this part of
> the shutdown process properly and fail to reply, and also fail to close. The
> most likely embodiment would be a program designed specifically to fail to
> reply to the "close notify" and hold the socket open in order to produce a
> denial-of-service attack. Another possibility is a poorly written client.
> Given the OpenSSL documentation states that calling SSL_Shutdown once is
> sufficient when the socket is going to be closed, I recommend that we remove
> the second SSL_Shutdown call and prevent something that can block the close()
> call. We have seen this happen, and it interacts with THRIFT-2441.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
