Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server segfault when using session_secret_cb (hostapd eap-fast) #24213

Closed
DouglasSmithLrd opened this issue Apr 19, 2024 · 3 comments
Closed

server segfault when using session_secret_cb (hostapd eap-fast) #24213

DouglasSmithLrd opened this issue Apr 19, 2024 · 3 comments
Assignees
@mattcaswell
Labels
branch: master Merge to master branch branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 severity: important Important bugs affecting a released version severity: regression The issue/pr is a regression from previous released version triaged: bug The issue/pr is/fixes a bug

Comments

@DouglasSmithLrd
Copy link

When using openssl 3.2.1 with the hostapd application, a segfault is thrown when an EAP-FAST station (client) associates.

Segmentation fault occurs at line 3325 of <ssl/t1_lib.c>, tls1_check_chain() when trying to access *pvalid.
The root cause appears to be that the SSL_CONNECTION valid_flags have not been allocated in this instance.
The issue occurs after the session_secret_cb processing in tls_early_post_process_client_hello():<ssl/statem/statem_srvr.c>,
during the call to ssl3_choose_cipher().

Adding code to allocate the valid_flags prior to calling session_secret_cb() does prevent the segfault.

The issue does not occur with openssl-3.1.4 as valid_flags[] was a fixed length array (was not allocated).
@DouglasSmithLrd DouglasSmithLrd added the issue: bug report The issue was opened to report a bug label Apr 19, 2024
@t8m t8m added branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug severity: important Important bugs affecting a released version severity: regression The issue/pr is a regression from previous released version branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 and removed issue: bug report The issue was opened to report a bug labels Apr 22, 2024
@nhorman
Copy link
Contributor

nhorman commented Apr 29, 2024

Mat to investigate root cause of this issue

@mattcaswell
Copy link
Member

I have managed to write a test case that reproduces this. Investigating.

mattcaswell added a commit to mattcaswell/openssl that referenced this issue Apr 30, 2024
@mattcaswell
Set the server sig algs before calling the session_secret_cb
1b18b0b 
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes openssl#24213
@mattcaswell mattcaswell mentioned this issue Apr 30, 2024
Closed
@mattcaswell
Copy link
Member

Fix for this in #24309

openssl-machine pushed a commit that referenced this issue May 6, 2024
@mattcaswell @t8m
Set the server sig algs before calling the session_secret_cb
8cdda69 
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes #24213

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #24309)

(cherry picked from commit 91c7ab2)
openssl-machine pushed a commit that referenced this issue May 6, 2024
@mattcaswell @t8m
Set the server sig algs before calling the session_secret_cb
9919027 
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes #24213

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #24309)

(cherry picked from commit 91c7ab2)
Sashan pushed a commit to Sashan/openssl that referenced this issue May 6, 2024
@mattcaswell @Sashan
Set the server sig algs before calling the session_secret_cb
a1d974d 
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes openssl#24213

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#24309)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mattcaswell mattcaswell

Labels
branch: master Merge to master branch branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 severity: important Important bugs affecting a released version severity: regression The issue/pr is a regression from previous released version triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set the server sig algs before calling the session_secret_cb mattcaswell/openssl
4 participants
@nhorman @t8m @mattcaswell @DouglasSmithLrd