qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-10-01 11:38:34 -06:00
Code Releases Activity

crypto/tls: QUIC: fix panics when processing post-handshake messages

Browse Source 
The check for fragmentary post-handshake messages in QUICConn.HandleData
was reversed, resulting in a potential panic when HandleData receives
a partial message.

In addition, HandleData wasn't checking the size of buffered
post-handshake messages. Produce an error when a post-handshake
message is larger than maxHandshake.

TestQUICConnectionState was using an onHandleCryptoData hook
in runTestQUICConnection that was never being called.
(I think it was inadvertently removed at some point while
the CL was in review.) Fix this test while making the hook
more general.

Fixes #62266

Change-Id: I210b70634e50beb456ab3977eb11272b8724c241
Reviewed-on: https://go-review.googlesource.com/c/go/+/522595
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit is contained in:
Damien Neil 2023-08-24 09:57:58 -07:00
parent 777e65feb6
commit e92c0f846c
2 changed files with 74 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/crypto/tls/quic.go
View File

@ -228,16 +228,22 @@ func (q *QUICConn) HandleData(level QUICEncryptionLevel, data []byte) error {
return nil return nil
} }
// The handshake goroutine has exited. // The handshake goroutine has exited.
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
c.hand.Write(c.quic.readbuf) c.hand.Write(c.quic.readbuf)
c.quic.readbuf = nil c.quic.readbuf = nil
for q.conn.hand.Len() >= 4 && q.conn.handshakeErr == nil { for q.conn.hand.Len() >= 4 && q.conn.handshakeErr == nil {
b := q.conn.hand.Bytes() b := q.conn.hand.Bytes()
n := int(b[1])<<16 | int(b[2])<<8 | int(b[3]) n := int(b[1])<<16 | int(b[2])<<8 | int(b[3])
if 4+n < len(b) { if n > maxHandshake {
q.conn.handshakeErr = fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake)
break
}
if len(b) < 4+n {
return nil return nil
} }
if err := q.conn.handlePostHandshakeMessage(); err != nil { if err := q.conn.handlePostHandshakeMessage(); err != nil {
return quicError(err) q.conn.handshakeErr = err
} }
} }
if q.conn.handshakeErr != nil { if q.conn.handshakeErr != nil {

78
src/crypto/tls/quic_test.go
View File

@ -85,7 +85,7 @@ func (q *testQUICConn) setWriteSecret(level QUICEncryptionLevel, suite uint16, s
var errTransportParametersRequired = errors.New("transport parameters required") var errTransportParametersRequired = errors.New("transport parameters required")
func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onHandleCryptoData func()) error { func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onEvent func(e QUICEvent, src, dst *testQUICConn) bool) error {
a, b := cli, srv a, b := cli, srv
for _, c := range []*testQUICConn{a, b} { for _, c := range []*testQUICConn{a, b} {
if !c.conn.conn.quic.started { if !c.conn.conn.quic.started {
@ -97,6 +97,9 @@ func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onHandle
idleCount := 0 idleCount := 0
for { for {
e := a.conn.NextEvent() e := a.conn.NextEvent()
if onEvent != nil && onEvent(e, a, b) {
continue
}
switch e.Kind { switch e.Kind {
case QUICNoEvent: case QUICNoEvent:
idleCount++ idleCount++
@ -211,6 +214,37 @@ func TestQUICSessionResumption(t *testing.T) {
} }
} }
func TestQUICFragmentaryData(t *testing.T) {
clientConfig := testConfig.Clone()
clientConfig.MinVersion = VersionTLS13
clientConfig.ClientSessionCache = NewLRUClientSessionCache(1)
clientConfig.ServerName = "example.go.dev"
serverConfig := testConfig.Clone()
serverConfig.MinVersion = VersionTLS13
cli := newTestQUICClient(t, clientConfig)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, serverConfig)
srv.conn.SetTransportParameters(nil)
onEvent := func(e QUICEvent, src, dst *testQUICConn) bool {
if e.Kind == QUICWriteData {
// Provide the data one byte at a time.
for i := range e.Data {
if err := dst.conn.HandleData(e.Level, e.Data[i:i+1]); err != nil {
t.Errorf("HandleData: %v", err)
break
}
}
return true
}
return false
}
if err := runTestQUICConnection(context.Background(), cli, srv, onEvent); err != nil {
t.Fatalf("error during first connection handshake: %v", err)
}
}
func TestQUICPostHandshakeClientAuthentication(t *testing.T) { func TestQUICPostHandshakeClientAuthentication(t *testing.T) {
// RFC 9001, Section 4.4. // RFC 9001, Section 4.4.
config := testConfig.Clone() config := testConfig.Clone()
@ -264,6 +298,28 @@ func TestQUICPostHandshakeKeyUpdate(t *testing.T) {
} }
} }
func TestQUICPostHandshakeMessageTooLarge(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
size := maxHandshake + 1
if err := cli.conn.HandleData(QUICEncryptionLevelApplication, []byte{
byte(typeNewSessionTicket),
byte(size >> 16),
byte(size >> 8),
byte(size),
}); err == nil {
t.Fatalf("%v-byte post-handshake message: got no error, want one", size)
}
}
func TestQUICHandshakeError(t *testing.T) { func TestQUICHandshakeError(t *testing.T) {
clientConfig := testConfig.Clone() clientConfig := testConfig.Clone()
clientConfig.MinVersion = VersionTLS13 clientConfig.MinVersion = VersionTLS13
@ -298,26 +354,22 @@ func TestQUICConnectionState(t *testing.T) {
cli.conn.SetTransportParameters(nil) cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config) srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil) srv.conn.SetTransportParameters(nil)
onHandleCryptoData := func() { onEvent := func(e QUICEvent, src, dst *testQUICConn) bool {
cliCS := cli.conn.ConnectionState() cliCS := cli.conn.ConnectionState()
cliWantALPN := ""
if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; ok { if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; ok {
cliWantALPN = "h3" if want, got := cliCS.NegotiatedProtocol, "h3"; want != got {
}
if want, got := cliCS.NegotiatedProtocol, cliWantALPN; want != got {
t.Errorf("cli.ConnectionState().NegotiatedProtocol = %q, want %q", want, got) t.Errorf("cli.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
} }
srvCS := srv.conn.ConnectionState()
srvWantALPN := ""
if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; ok {
srvWantALPN = "h3"
} }
if want, got := srvCS.NegotiatedProtocol, srvWantALPN; want != got { srvCS := srv.conn.ConnectionState()
if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; ok {
if want, got := srvCS.NegotiatedProtocol, "h3"; want != got {
t.Errorf("srv.ConnectionState().NegotiatedProtocol = %q, want %q", want, got) t.Errorf("srv.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
} }
} }
if err := runTestQUICConnection(context.Background(), cli, srv, onHandleCryptoData); err != nil { return false
}
if err := runTestQUICConnection(context.Background(), cli, srv, onEvent); err != nil {
t.Fatalf("error during connection handshake: %v", err) t.Fatalf("error during connection handshake: %v", err)
} }
} }