1 (edited by antoxa 2012-10-01 04:36:39)

Topic: resume session lookup failed -> memory corruption

Hey.
Found this today finally, seems like session resume corrupts memory when not found.

Context:
* latest github source
* macosx 10.7.4 (apple stock gcc 4.2) and SLES 11.1 (stock gcc 4.3.4)
* ./configure --prefix=/usr/local/cyassl --enable-hugecache --enable-fastmath --enable-debug
* start server

./examples/server/server -p 1105 -v 1

* execute command

echo -ne '160301006b010000670301506954bb10a154941e3c53b588a849080d9fb0886f94717ef2ae9c7c210b28482003d6b21d6d3428146bed287dba5e6e707dd5d88aff196f1cf5954633e4870cc0002000040005002f00330032000a00160013000900150012000300080014001100ff01001403010001011603010030ee9bca4c3dd96d96f718f79ead7ef7ac80057359b50cac8e48190e3afe09636dfe7a7f6f5d7c0ad72b4c9def13619612' | xxd -r -p | netcat localhost 1105 | xxd

here's debug log

<skipped all startup messages>

CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering CyaSSL_SetTmpDH
CyaSSL Leaving CyaSSL_SetTmpDH, return 0
CyaSSL Entering SSL_accept()
growing input buffer

growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing client hello
Client wants to resume session
Session lookup for resume failed
CyaSSL Entering MatchSuite
CyaSSL Entering VerifySuite
Requires RSA
Verified suite validity
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state HELLO_VERIFY_SENT
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
accept state KEY_EXCHANGE_SENT
growing output buffer

Shrinking output buffer

accept state CERT_REQ_SENT
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_DONE
received record layer msg
got CHANGE CIPHER SPEC
Segmentation fault: 11

Help please smile

Share

2 (edited by antoxa 2012-10-01 04:41:15)

Re: resume session lookup failed -> memory corruption

here's what i get from valgrind

accept state SERVER_HELLO_DONE
received record layer msg
got CHANGE CIPHER SPEC

==9094== Process terminating with default action of signal 10 (SIGBUS)
==9094==  Non-existent physical address at address 0x104
==9094==    at 0x6F06: memmove$VARIANT$sse3x (in /usr/local/Cellar/valgrind/3.8.1/lib/valgrind/vgpreload_memcheck-amd64-darwin.so)
==9094==    by 0x33ABF: __inline_memcpy_chk (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0x3591F: AesCbcDecrypt (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0xE7FB: Decrypt (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0xE6B3: DecryptMessage (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0xF56C: ProcessReply (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0x1F172: CyaSSL_accept (in /usr/local/cyassl/lib/libcyassl.3.dylib)
==9094==    by 0x10000136E: server_test (in ./examples/server/.libs/server)
==9094==    by 0x10000219C: main (in ./examples/server/.libs/server)

Share

Re: resume session lookup failed -> memory corruption

ok, so i've investigated a bit. and looks like keys are just not being imported when session is not found for resume. so ssl->decrypt.aes = NULL and bad things happen.

i've been able to fix it with the following patch. Again, not sure if it would break something else. smile

It's probably the really wrong way to fix it, since resume relies on some state being present, but for what it's worth anyway.

diff --git a/src/internal.c b/src/internal.c
index 339b92d..a3966ac 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7092,7 +7092,9 @@ int SetCipherList(Suites* s, const char* list)
             if (!session) {
                 ssl->options.resuming = 0;
                 CYASSL_MSG("Session lookup for resume failed");
+#if 0
                 break;   /* session lookup failed */
+#endif
             }
             if (MatchSuite(ssl, &clSuites) < 0) {
                 CYASSL_MSG("Unsupported cipher suite, ClientHello");

Share

Re: resume session lookup failed -> memory corruption

tested this on 2.3.0 release now, it doesn't segfault, but complains nevertheless

AesDecrypt encountered improper key, set it up
AesDecrypt encountered improper key, set it up
AesDecrypt encountered improper key, set it up

Share

Re: resume session lookup failed -> memory corruption

Thanks for the excellent report!  wolfSSL embedded ssl 2.4.0 will have a different memory allocation system whereby it will release memory handshake memory when done with the handshake.  In this case, the ciphers weren't being properly allocated because the client was assuming the resumption worked even when it didn't.  I've checked in a fix for this and other related problems by adding a cipher setup flag.

Thanks again for the report and let us know if you run into anything else.

Share

Re: resume session lookup failed -> memory corruption

thank you smile

Share