On Thu, 16 May 2019, Rainer Gerhards wrote:
On Thu, 16 May 2019 at 19:33, David Lang (<[email protected]>) wrote:
On Thu, 16 May 2019, Rainer Gerhards wrote:
I believe that the right thing to do is to abort the connection, but it seems
that rsyslog is dying instead of just failing the connection (in this case, it
seems to be an inbound connection)
I walked into this by seeing a discussion of how to restart rsyslog when it dies
from this.
Do you have any idea of how to reproduce this? If so, could you create
a debug log and valgrind run?
This is still my first week here, and I don't know what I have access to to
duplicate this, but I believe that you can replicate this by sending a badly
enough malformed TLS handshake to the listening socket. I don't know exactly
what aspect of the handshake needs to be corrupted.
I still very much suggest moving to openssl - it really helps us
generate much better error messages in case of a problem.
That's what I am recommending.
Would still like to see this solved for gnutls. I think I tested inside the
testbench and we never came to any result. What, btw, was a second driving
force behind implementing openssl...
I agree, but the testbench doesn't send malformed messages/handshakes, and
that's what's needed here.
If you have an idea of how to do that, I am all ears ;-)
Running manually, I would look for fuzzing tools (there are probably ones
specifically designed to stress TLS stacks). A Google search (tls fuzzing tools)
finds github.com/tomato42/tlsfuzzer and a bunch of other useful links.
I don't think there's a good way to automate this, at least not as something
that we run every commit. We may be able to have a fuzzer run against it for a
while once per release, but the coverage is not predictable.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog