RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-17 02:56:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC)

Browse Source 
This bug follows this patch:
     MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event.
where a new third variable was added to be dumped from QUIC_EV_CONN_IO_CB trace
event. The quic_trace() code did not reveal there was already another variable
passed as third argument but not dumped. This leaded to crash when dereferencing
a point to an int in place of a point to an SSL object.

This issue was reproduced only by handshakecorruption aws-lc interop test with
s2n-quic as client.

Note that this patch must be backported with this one:
     BUG/MEDIUM: quic: always validate sender address on 0-RTT
which depends on the commit mentionned above.

(cherry picked from commit db13df3d6e)
Signed-off-by: Frederic Lecaille <flecaille@haproxy.com>
This commit is contained in:
Frederic Lecaille 2024-09-02 09:36:19 +02:00
parent e22341618a
commit 58b6b58019
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/quic_ssl.c
View File

@ -353,7 +353,7 @@ static int ha_quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t leve
TRACE_ENTER(QUIC_EV_CONN_ADDDATA, qc); TRACE_ENTER(QUIC_EV_CONN_ADDDATA, qc);
TRACE_PROTO("ha_quic_add_handshake_data() called", QUIC_EV_CONN_IO_CB, qc, NULL, ssl); TRACE_PROTO("ha_quic_add_handshake_data() called", QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ssl);
#ifdef HAVE_SSL_0RTT_QUIC #ifdef HAVE_SSL_0RTT_QUIC
/* Detect asap if some 0-RTT data were accepted for this connection. /* Detect asap if some 0-RTT data were accepted for this connection.
@ -547,10 +547,10 @@ static int qc_ssl_provide_quic_data(struct ncbuf *ncbuf,
state = qc->state; state = qc->state;
if (state < QUIC_HS_ST_COMPLETE) { if (state < QUIC_HS_ST_COMPLETE) {
ssl_err = SSL_do_handshake(ctx->ssl); ssl_err = SSL_do_handshake(ctx->ssl);
TRACE_PROTO("SSL_do_handshake() called", QUIC_EV_CONN_IO_CB, qc, NULL, ctx->ssl); TRACE_PROTO("SSL_do_handshake() called", QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ctx->ssl);
if (qc->flags & QUIC_FL_CONN_TO_KILL) { if (qc->flags & QUIC_FL_CONN_TO_KILL) {
TRACE_DEVEL("connection to be killed", QUIC_EV_CONN_IO_CB, qc, &state, ctx->ssl); TRACE_DEVEL("connection to be killed", QUIC_EV_CONN_IO_CB, qc, &state, NULL, ctx->ssl);
goto leave; goto leave;
} }

5
src/quic_trace.c
View File

@ -259,10 +259,13 @@ static void quic_trace(enum trace_level level, uint64_t mask, const struct trace
if (mask & QUIC_EV_CONN_IO_CB) { if (mask & QUIC_EV_CONN_IO_CB) {
const enum quic_handshake_state *state = a2; const enum quic_handshake_state *state = a2;
const SSL *ssl = a3; const int *ssl_err = a3;
const SSL *ssl = a4;
if (state) if (state)
chunk_appendf(&trace_buf, " state=%s", quic_hdshk_state_str(*state)); chunk_appendf(&trace_buf, " state=%s", quic_hdshk_state_str(*state));
if (ssl_err)
chunk_appendf(&trace_buf, " ssl_err=%d", *ssl_err);
if (ssl) if (ssl)
chunk_appendf(&trace_buf, " early_data_status=%s", chunk_appendf(&trace_buf, " early_data_status=%s",
quic_ssl_early_data_status_str(ssl)); quic_ssl_early_data_status_str(ssl));