Re: Race Condition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 14/06/2019 11:09, Serti Ayoub wrote:
> 
> I can't provide a sample to reproduce the crash, it's totaly random.
>  
> Here example of thread call stack:

Yes, this does look like a bug. My guess is most people don't hit this because
they don't set SSL_OP_NO_TICKET in TLSv1.3. The default behaviour is to use
stateless tickets which aren't shared between threads, so no race condition is
possible. However, with SSL_OP_NO_TICKET we use stateful tickets which means the
session objects *are* shared.

Session objects are supposed to be immutable after the initial handshake is
complete so that this sort of thing doesn't happen. Looks like that isn't the
case in the handling of supported groups. In reality there is no reason at all
to store the supported groups information in the session object since we don't
reuse that information from one session resume to another anyway so its just
misplaced in the session object.

Please try out this patch:

https://github.com/openssl/openssl/pull/9162

Matt






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux