$ valgrind --leak-check=full ./client
==18674== Memcheck, a memory error detector
==18674== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18674== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
==18674== Command: ./client
==18674==
ZS\!Uڃȕe;+UbH1XF
汹Sj
aETg[Y
.Error creating SSL connection. err=ffffffff
error:14000126:SSL routines::unexpected eof while reading
==18674==
==18674== HEAP SUMMARY:
==18674== in use at exit: 942,770 bytes in 3,508 blocks
==18674== total heap usage: 372,389 allocs, 368,881 frees, 116,999,626 bytes allocated
==18674==
==18674== 865,305 (159,600 direct, 705,705 indirect) bytes in 21 blocks are definitel
y lost in loss record 222 of 222
==18674== at 0x483977F: malloc (vg_replace_malloc.c:307)
==18674== by 0x4AB7709: CRYPTO_zalloc (in /usr/local/lib/libcrypto.so.3)
==18674== by 0x487F015: SSL_new (in /usr/local/lib/libssl.so.3)
==18674== by 0x109597: main (in /client)
==18674==
==18674== LEAK SUMMARY:
==18674== definitely lost: 159,600 bytes in 21 blocks
==18674== indirectly lost: 705,705 bytes in 3,276 blocks
==18674== possibly lost: 0 bytes in 0 blocks
==18674== still reachable: 77,465 bytes in 211 blocks
==18674== suppressed: 0 bytes in 0 blocks
==18674== Reachable blocks (those to which a pointer was found) are not shown.
==18674== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==18674==
==18674== For lists of detected and suppressed errors, rerun with: -s
==18674== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==18674== Memcheck, a memory error detector
==18674== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18674== Using Valgrind-3.16.0.GIT and LibVEX; rerun with -h for copyright info
==18674== Command: ./client
==18674==
ZS\!Uڃȕe;+UbH1XF
汹Sj
aETg[Y
.Error creating SSL connection. err=ffffffff
error:14000126:SSL routines::unexpected eof while reading
==18674==
==18674== HEAP SUMMARY:
==18674== in use at exit: 942,770 bytes in 3,508 blocks
==18674== total heap usage: 372,389 allocs, 368,881 frees, 116,999,626 bytes allocated
==18674==
==18674== 865,305 (159,600 direct, 705,705 indirect) bytes in 21 blocks are definitel
y lost in loss record 222 of 222
==18674== at 0x483977F: malloc (vg_replace_malloc.c:307)
==18674== by 0x4AB7709: CRYPTO_zalloc (in /usr/local/lib/libcrypto.so.3)
==18674== by 0x487F015: SSL_new (in /usr/local/lib/libssl.so.3)
==18674== by 0x109597: main (in /client)
==18674==
==18674== LEAK SUMMARY:
==18674== definitely lost: 159,600 bytes in 21 blocks
==18674== indirectly lost: 705,705 bytes in 3,276 blocks
==18674== possibly lost: 0 bytes in 0 blocks
==18674== still reachable: 77,465 bytes in 211 blocks
==18674== suppressed: 0 bytes in 0 blocks
==18674== Reachable blocks (those to which a pointer was found) are not shown.
==18674== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==18674==
==18674== For lists of detected and suppressed errors, rerun with: -s
==18674== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Dmitry Belyavsky <beldmit@xxxxxxxxx> 于2020年6月12日周五 下午6:24写道:
Could you please try to re-run the client via Valgrind?On Fri, Jun 12, 2020 at 7:03 AM Xinzhe Wang <matrixwxz@xxxxxxxxx> wrote:When KTLS is enabled, multiple client's handshake will lead to unexpected eof while reading and data corrupt(possible memory leak).
Tested OpenSSL version: master, 3.0.0-alpha1
Kernel version: 5.4.43-1-MANJARO
Reproduce step(using docker):sudo modprobe tls
git clone https://github.com/openssl/openssl.git
sudo docker run -it -v $(pwd)/openssl:/openssl archlinux
# [In docker]
pacman -Sy make gcc vim
cd openssl
./config enable-ktls
make build_sw -j4
pacman -Rdd openssl
make install_sw
cd /
vim server.cpp
# https://paste.ubuntu.com/p/fyhr6dDR7G/
vim client.cpp
# https://paste.ubuntu.com/p/P2DjwWhTkf/
vim server.pem
# https://paste.ubuntu.com/p/QttnVGsVSm/
vim serverkey.pem
# https://paste.ubuntu.com/p/g6QR84wSfw/
g++ -c -o client.o client.cpp
g++ -o client client.o -lssl -lcrypto
g++ -c -o server.o server.cpp
g++ -o server server.o -lssl -lcrypto
export LD_LIBRARY_PATH=/usr/local/lib
./server &
./client
You will see like thisFP
Vtest test
test
test
Mljtest test
test
test
test
test
test
test
Error creating SSL connection. err=ffffffff
error:14000126:SSL routines::unexpected eof while readingWhen OpenSSL is compiled without ktls, the client will print test infinitely, but when enable ktls, some data are corrupted and sometimes result in unexpected eof while reading.
Even when you remove SSL_write(ssl, reply, strlen(reply)); in server and RecvPacket(); in client, it will also result in unexpected eof while reading so I think there is something wrong with handshake procedure when ktls is enabled, maybe memory leak or UAF.--SY, Dmitry Belyavsky
