Project

General

Profile

Bug #261

Failed SSL handshake causes bip to write to a random socket, and never close the connection

Added by Thijs Alkemade over 6 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
High
Target version:
Start date:
2011-11-10
Due date:
% Done:

100%

Patch Available:
Yes
Found in Versions:
0.8.2
Confirmed:
Yes
Branch:
Security:
Yes
Help Needed:
No

Description

Lately, I've occasionally received errors in my client saying "Unknown message '28126:error:1407609C:SSL', The IRC server received a message it did not understand.", typing 'lsof -i' on the machine bip is running on would then show there was an incoming connection from a weird, foreign IP address to bip, which ended up in CLOSED_WAIT state.

My theory on why this happens is this: when using SSL (client_side_ssl = true), bip will write an error to stderr when the SSL handshake fails. However, if it is running as a daemon, stderr will have been closed. This means that it is likely that this file descriptor is now used as a connection to a server or client. So when something connects and tries to send something that isn't a valid SSL handshake, bip will print an error to the server, which then responds that it doesn't understand that message. This could even allow an attacker to, for example, cause bip to send a lot of malformed messages and get disconnected from the server.

This happens because there is a BIO* struct created that is initialized with stderr (src/connection.c:1206) for handling SSL errors. It would be better if this were printed to the global log file.

Also, when an SSL handshake error occurs, a socket is never closed, but remains in CLOSE_WAIT state forever. This happens because a socket that is set to have an error will never be closed (src/connection.c:57).

I'm attaching a patch that fixed both of these problems.

bip.diff View - A patch which fixes this problem (962 Bytes) Thijs Alkemade, 2011-11-10 22:44


Related issues

Duplicated by Bip - Bug #297: crash, probably due to file descriptor leak Rejected 2012-06-02

Associated revisions

Revision df45c4c2 (diff)
Added by Pierre-Louis Bonicoli about 6 years ago

Closes #261. Fix by Thijs Alkemade.

- use conf_global_log_file instead of stderr
- when a SSL handshake error occurs, close socket

History

#1 Updated by Pierre-Louis Bonicoli over 6 years ago

  • Assignee set to Pierre-Louis Bonicoli
  • Target version set to 0.8.9
  • Confirmed changed from No to Yes

#2 Updated by Pierre-Louis Bonicoli about 6 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Pierre-Louis Bonicoli about 6 years ago

  • Help Needed set to No

How to test:

  1. Enable client side ssl in bip.conf:
    client_side_ssl = true;
    client_side_ssl_pem = "/tmp/testcert.pem";
    
  2. comments all connections in bip.conf
  3. use "telnet 127.0.0.1 7778"
  4. run another "telnet 127.0.0.1 7778"
  5. types some characters inside the first telnet
  6. Second telnet receive "16240:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578:"

Without the patch telnet doesn't stop. With the patch first telnet ends with "Connection closed by foreign host.".

  • Logs without patch:
    25-01-2012 05:00:33 DEBUG: Trying to accept new client on 0
    25-01-2012 05:00:33 DEBUG: No SSL context available for accepted connections. Initializing...
    25-01-2012 05:00:33 WARNING: SSL: Unable to load key file
    25-01-2012 05:00:33 DEBUG: New client on socket 2 !
    25-01-2012 05:00:38 ERROR: Error in SSL handshake.
    25-01-2012 05:00:38 ERROR: Error on fd 2 (state 3)
    25-01-2012 05:00:38 ERROR: client read_lines error, closing...
    25-01-2012 05:00:38 DEBUG: Connection close asked. FD:2 
    
  • Logs with patch:
    25-01-2012 04:47:21 DEBUG: Trying to accept new client on 0
    25-01-2012 04:47:21 DEBUG: No SSL context available for accepted connections. Initializing...
    25-01-2012 04:47:21 WARNING: SSL: Unable to load key file
    25-01-2012 04:47:21 DEBUG: New client on socket 2 !
    12464:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578:
    25-01-2012 04:47:24 ERROR: Error in SSL handshake.
    25-01-2012 04:47:24 DEBUG: Connection close asked. FD:2
    25-01-2012 04:47:24 ERROR: Error on fd 2 (state 3)
    25-01-2012 04:47:24 ERROR: client read_lines error, closing...
    25-01-2012 04:47:24 DEBUG: Connection close asked. FD:2
    

#4 Updated by Marc Dequènes over 4 years ago

  • Security changed from No to Yes

Also available in: Atom PDF