On Thu, Apr 10, 2014 at 8:36 PM, Loganaden Velvindron
<[email protected]> wrote:
> Hi All,
>
> Ted Ugnast (of OpenBSD) wrote an interesting blog entry:
Deep apologies to Ted. I got his name wrong. It's Ted Unangst.
(And thanks to Otto for bringing this to my attention :-))
>
> I'm quoting here for people who need the essential information:
> "
>
> On line 1059, we find a call to ssl3_release_read_buffer after we have
> read the header, which will free the current buffer.
>
> if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
>     {
>     [...]
>     if (!peek)
>         {
>         rr->length-=n;
>         rr->off+=n;
>         if (rr->length == 0)
>             {
>             s->rstate=SSL_ST_READ_HEADER;
>             rr->off=0;
>             if (s->mode & SSL_MODE_RELEASE_BUFFERS)
>                 ssl3_release_read_buffer(s);
>             }
>         }
>
> There's one small problem. We're not actually done with it yet. It
> still has some interesting data in it that we will want to read later.
> Fortunately, this is only a small problem because the LIFO freelist
> will give it right back to us! It has to chill on the freelist for a few
> microseconds, but then the next call to ssl3_read_n will call setup and
> start right back where we left off. Same buffer, same contents.
>
> rb = &(s->s3->rbuf);
> if (rb->buf == NULL)
>     if (!ssl3_setup_read_buffer(s))
>         return -1;
> left = rb->left;
>
> Unless, of course, there is no freelist and releasing the read buffer
> actually, you know, releases it, which is what happens when you
> compile with OPENSSL_NO_BUF_FREELIST. Now that first buffer is gone
> forever, and it's a different buffer that we start reading from. But
> this new, different buffer isn't very likely to have the same data as
> the old buffer. OpenSSL gets very confused when it can't find the data
> it expects and aborts the connection.
>
> "
>
> His patch was not against -current.
>
> http://elandsys.com/~logan/openssl_fix.diff
>
> Please find it here:
>
> diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
> index b9e45c7..61b017f 100644
> --- a/ssl/s3_pkt.c
> +++ b/ssl/s3_pkt.c
> @@ -1334,8 +1334,6 @@ start:
> {
> s->rstate=SSL_ST_READ_HEADER;
> rr->off=0;
> - if (s->mode & SSL_MODE_RELEASE_BUFFERS)
> - ssl3_release_read_buffer(s);
> }
> }
> return(n);
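Review bot: removing the release unconditionally also drops the memory saving that SSL_MODE_RELEASE_BUFFERS exists for; the defect described above is that the release fires on `rr->length == 0`, which means the current record has been consumed, not that the read buffer is empty, so bytes of a following record can still be pending (the `left = rb->left;` the setup snippet reads). Consider keeping the release but guarding it on the buffer holding no unread data, e.g. releasing only when the rbuf left count is zero as well, so the behaviour is correct with and without OPENSSL_NO_BUF_FREELIST and the mode still frees memory on idle connections. A sentence in the commit message explaining why the release is premature here would also help the next reader.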
>
>
> I tested by building OpenSSL from github.
>
> I would be interested in improving the diff further, so feedback welcomed :-)
>
>
> --
> This message is strictly personal and the opinions expressed do not
> represent those of my employers, either past or present.
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
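The mechanism Ted's entry describes, modelled as an added C example (not OpenSSL's or Ted's code): a one-slot LIFO freelist hands the just-released buffer straight back, so the unread second record is still there, while a real release loses it; skipping the release while data is pending, as Logan's diff does, keeps it in both builds. Buffer size, record layout and the single-slot freelist are constructed assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of the ssl3 read-buffer lifecycle from the quoted blog
 * entry; not OpenSSL code. A one-slot LIFO freelist stands in for OpenSSL's. */
#define BUF_SZ 64
static char *freelist;      /* NULL when empty */
static int   use_freelist;  /* 0 models OPENSSL_NO_BUF_FREELIST */
struct rbuf { char *buf; size_t off; size_t left; };

static char *buf_alloc(void)
{
    if (use_freelist && freelist) {  /* LIFO: hand back the last freed buffer */
        char *b = freelist;
        freelist = NULL;
        return b;                    /* old contents still in place */
    }
    return calloc(1, BUF_SZ);        /* fresh buffer: old contents gone */
}
static void buf_release(char *b)
{
    if (use_freelist && freelist == NULL) { freelist = b; return; }
    memset(b, 0, BUF_SZ);            /* really released: bytes unrecoverable */
    free(b);
}
/* Like ssl3_setup_read_buffer: allocate only if buf is NULL; off/left kept. */
static int setup_read_buffer(struct rbuf *rb)
{
    if (rb->buf == NULL) rb->buf = buf_alloc();
    return rb->buf != NULL;
}
/* Two records arrive in one read; record 1 is consumed, then (if release_early)
 * the buffer is released while record 2 still sits at rb.off, as on the
 * SSL_MODE_RELEASE_BUFFERS path. Returns 1 if record 2 survives, 0 if lost. */
static int record2_survives(int freelist_enabled, int release_early)
{
    struct rbuf rb = { NULL, 0, 0 };
    int ok;
    use_freelist = freelist_enabled;
    freelist = NULL;
    if (!setup_read_buffer(&rb)) return -1;
    memcpy(rb.buf, "REC1REC2", 8);   /* constructed: two 4-byte "records" */
    rb.off = 4; rb.left = 4;         /* record 1 consumed, record 2 pending */
    if (release_early) { buf_release(rb.buf); rb.buf = NULL; }
    if (!setup_read_buffer(&rb)) return -1;   /* next ssl3_read_n */
    ok = memcmp(rb.buf + rb.off, "REC2", rb.left) == 0;
    buf_release(rb.buf);
    if (freelist) { free(freelist); freelist = NULL; }
    return ok;
}
```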
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]