Hi All,

Ted Unangst (of OpenBSD) wrote an interesting blog entry:
I'm quoting here for people who need the essential information:

"
On line 1059, we find a call to ssl3_release_read_buffer after we have read the header, which will free the current buffer.

    if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
        {
        [...]
        if (!peek)
            {
            rr->length-=n;
            rr->off+=n;
            if (rr->length == 0)
                {
                s->rstate=SSL_ST_READ_HEADER;
                rr->off=0;
                if (s->mode & SSL_MODE_RELEASE_BUFFERS)
                    ssl3_release_read_buffer(s);
                }
            }

There's one small problem. We're not actually done with it yet. It still has some interesting data in it that we will want to read later. Fortunately, this is only a small problem because the LIFO freelist will give it right back to us! It has to chill on the freelist for a few microseconds, but then the next call to ssl3_read_n will call setup and start right back where we left off. Same buffer, same contents.

    rb = &(s->s3->rbuf);
    if (rb->buf == NULL)
        if (!ssl3_setup_read_buffer(s))
            return -1;
    left = rb->left;

Unless, of course, there is no freelist and releasing the read buffer actually, you know, releases it, which is what happens when you compile with OPENSSL_NO_BUF_FREELIST. Now that first buffer is gone forever, and it's a different buffer that we start reading from. But this new, different buffer isn't very likely to have the same data as the old buffer. OpenSSL gets very confused when it can't find the data it expects and aborts the connection.
"

His patch was not against -current.

http://elandsys.com/~logan/openssl_fix.diff

Please find it here:

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b9e45c7..61b017f 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c 
@@ -1334,8 +1334,6 @@ start: { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) - ssl3_release_read_buffer(s); } } return(n);

I tested by building OpenSSL from github. I would be interested in improving the diff further, so feedback welcomed :-)

--
This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
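
Review bot: Removing the `ssl3_release_read_buffer(s)` call after `rr->off=0;` outright means SSL_MODE_RELEASE_BUFFERS no longer releases the read buffer anywhere on this path, including when the buffer holds no further data. Consider keeping the release but guarding it on the buffer being empty, for example by also checking `s->s3->rbuf.left == 0` (the quoted ssl3_read_n code reads `left = rb->left;` from the same structure), and note in the change description whether the buffer is still released somewhere else when the mode flag is set.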
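
The buffer behaviour described in the quoted blog text above, as an added example that is not part of the original message or of OpenSSL's code: a toy C model of a read buffer released while data is still pending, with and without a LIFO freelist. All names (`struct conn`, `release_read_buffer`, `setup_read_buffer`, `pending_data_survives`) and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_LEN 64

/* Toy model, hypothetical names: one-slot LIFO freelist for a read buffer. */
struct conn {
    int use_freelist;       /* 0 models a build with OPENSSL_NO_BUF_FREELIST */
    unsigned char *parked;  /* top of the freelist, or NULL */
    unsigned char *rbuf;    /* current read buffer, or NULL */
    size_t left;            /* unread bytes still expected in rbuf */
};

static void release_read_buffer(struct conn *c) {
    if (c->use_freelist)
        c->parked = c->rbuf;    /* parked intact, contents untouched */
    else
        free(c->rbuf);          /* really released, pending bytes are gone */
    c->rbuf = NULL;
}

static int setup_read_buffer(struct conn *c) {
    /* LIFO: a buffer that was just parked comes straight back */
    c->rbuf = c->parked ? c->parked : calloc(1, BUF_LEN);
    c->parked = NULL;
    return c->rbuf != NULL;
}

/* 1 if the pending record is readable after release + setup, 0 if lost,
 * -1 on allocation failure. */
int pending_data_survives(int use_freelist) {
    static const char wire[] = "REC1REC2";  /* constructed: two records, one read */
    struct conn c = { use_freelist, NULL, NULL, 0 };
    int ok;
    if (!setup_read_buffer(&c)) return -1;
    memcpy(c.rbuf, wire, 8);
    c.left = 4;                 /* REC1 consumed, REC2 still pending */
    release_read_buffer(&c);    /* the early release the quoted text describes */
    if (!setup_read_buffer(&c)) return -1;
    ok = memcmp(c.rbuf + 4, "REC2", c.left) == 0;
    free(c.rbuf);
    return ok;
}

int main(void) {
    printf("freelist: %d, no freelist: %d\n",
           pending_data_survives(1), pending_data_survives(0));
    return 0;
}
```

The model never reads freed memory: in the no-freelist case the second buffer is a fresh zeroed allocation, so the pending record is simply absent from it.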