From 56f1827674a9cecf117e0379d088fef1b23cf017 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 25 Jan 2022 14:51:54 +0000
Subject: Avoid an infinite loop in SSL_shutdown()

If the peer closed the write side of the connection and we have not yet received the close_notify, SSL_shutdown() makes an extra read to try and read the peer's close_notify from the pipe. In that situation, we receive EOF. The legacy stack will return -1 while the TLSv1.3 stack will end up returning 0. Since the documentation is not super explicit about what should be done if SSL_shutdown() returns 0, some applications will enter an infinite loop.

The code and documentation indicate that SSL_shutdown() should only be called once more if it returned 0. Newer versions of the OpenSSL documentation explicitly say that one should call SSL_read() if SSL_shutdown() returns 0 in order to retrieve the close_notify. Doing this would also have avoided this infinite loop.

Reported by Carsten Arzig and bluhm with a test case extracted from the syslogd tests using IO::Socket::SSL, which has such an infinite loop.

ok bluhm jsing
---
src/lib/libssl/tls13_legacy.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index e54db03e3c..7327311c7b 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.34 2022/01/25 14:51:54 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -507,7 +507,7 @@ tls13_legacy_shutdown(SSL *ssl)
 } else if (!ctx->close_notify_recv) {
 /*
 * If there is no application data pending, attempt to read more
- * data in order to receive a close notify. This should trigger
+ * data in order to receive a close-notify. This should trigger
 * a record to be read from the wire, which may be application
 * handshake or alert data. Only one attempt is made to match
 * previous semantics.
@@ -516,6 +516,8 @@ tls13_legacy_shutdown(SSL *ssl)
 if ((ret = tls13_read_application_data(ctx->rl, buf,
 sizeof(buf))) < 0)
 return tls13_legacy_return_code(ssl, ret);
+ if (!ctx->close_notify_recv)
+ return -1;
 }
 }
 
-- 
cgit v1.2.3-55-g6feb
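Review bot: The added `if (!ctx->close_notify_recv) return -1;` fires for every non-negative return of tls13_read_application_data(), not only the EOF case the commit message describes: a positive ret means application data was read into the local buf and is discarded, and as far as this hunk shows nothing is pushed to the error queue, so a caller's SSL_get_error() cannot distinguish the peer's EOF from data still in flight. If tls13_read_application_data() can also return 0 after consuming a non-application record internally, a live connection would be reported as failed here too; worth confirming against the record layer before relying on -1 as "peer went away". The intent deserves a comment on the new lines, e.g. `/* No close-notify arrived (EOF or other data): fail like the legacy stack instead of returning 0, which invites callers to retry forever. */`. The enclosing tls13_legacy_shutdown() begins and ends outside this hunk.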