[patch] TLS Handshake failures can crash imap-login
Hi,
I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash.
What was going on is this: In ssl-proxy-openssl.c in line 545 in the function ssl_step() the function ssl_handshake() is called. There SSL_accept() is called. If SSL_accept failes - because a client sent an invalid packet or something the server doesn't support or any other reason - ssl_handle_error() will be called.
ssl_handle_error() will call ssl_proxy_destroy(). ssl_proxy_destroy() will then call ssl_proxy_flush(). And ssl_proxy_flush will call ssl_step() again. Here we have a loop. Now when SSL_accept() gets called again on the same context this is an invalid state for OpenSSL and it crashes.
What to do? In essence, if ssl_proxy_destroy is called it shouldn't try to finish the handshake if the handshake hasn't even started due to an error. This can be done by a simple if check, see attached patch. I think this should do it.
I have seen that a bug that is probably rootet in this has been posted here before regarding ssl3-disabled configs: http://dovecot.org/pipermail/dovecot/2015-March/100188.html
cu,
Hanno Böck http://hboeck.de/
mail/jabber: hanno@hboeck.de GPG: BBB51E42
On 24/04/15 18:17, Hanno Böck wrote:
I couldnt reproduce that on a fully patched CentOS 6.6 box[root@correio ~]# cat /etc/redhat-release CentOS release 6.6 (Final)
[root@correio ~]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
[root@correio ~]# dovecot --version 2.2.16 (compiled from sources, not from any binary package)
[root@correio ~]# grep ssl_proto /etc/dovecot/extras/10-ssl.conf ssl_protocols = !SSLv2 !SSLv3
from dovecot logs when running the openssl command:
Apr 24 21:36:38 correio dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected
dont know if it matters, but i'm running signed certificated from RapidSSL, not self-signed ones
The openssl command returns an error but i see no crash at all
[root@correio ~]# openssl s_client -ssl3 -connect localhost:995 CONNECTED(00000003) 140022021363528:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40 140022021363528:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1429922121 Timeout : 7200 (sec) Verify return code: 0 (ok)
[root@correio ~]#
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email itOn 24/04/2015 22:17, Hanno Böck wrote:
Hello,
Thank you for your work on this.
I made that earlier report. Here is another similar report:
http://dovecot.org/pipermail/dovecot/2015-April/100576.html
James.
On Sat, 25 Apr 2015 21:36:25 +0300 Teemu Huovila <teemu.huovila@dovecot.fi> wrote:
both openssl and dovecot latest (1.0.2a, 2.2.16) on a Gentoo.
Please note that it's not dovecot itself that's crashing but pop3-login/imap-login. You don't note these if you haven't some kind of segfault reporting.
-- Hanno Böck http://hboeck.de/
mail/jabber: hanno@hboeck.de GPG: BBB51E42
On 25.04.2015 20:36, Teemu Huovila wrote:
Since there are three people involved I kindly ask you to be more specific as to who should provide which (exact) information.
Given you ask for it right after quoting my link all I can tell you is that I provide all the information you ask for (openssl version, crash message) in the link you quoted.
Where (openssl, distro, dovecot version) did you try reproducing it? I've asked a friend using debian or centos (don't know which) and he was unable to reproduce so as always they might be patching something, it might not affect old software or they don't link with openssl.
I also provide a link to an openssl dev explaining why this happens later in my thread. Here's the openssl bug report about this issue: <https://rt.openssl.org/Ticket/Display.html?id=3818>. Login for the openssl tracker is guest/guest.
On Sun, 26 Apr 2015 21:51:25 +0300 Teemu Huovila <teemu.huovila@dovecot.fi> wrote:
No that's not true. I have explicitely tried that. You just need to *disable* SSLv3, but that can be done within the config file.
-- Hanno Böck http://hboeck.de/
mail/jabber: hanno@hboeck.de GPG: BBB51E42
On 27/04/2015 07:52, Teemu Huovila wrote:
Conversely, a workaround for this issue would be to enable sslv3, on the library level.
No, I tried with Openssl with and without ssl3 as per my original thread which has the details.
http://dovecot.org/pipermail/dovecot/2015-March/100202.html
James.
participants (5)
-
Florian Pritz
-
Hanno Böck
-
James
-
Leonardo Rodrigues
-
Teemu Huovila