Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: panic when processing partial post-handshake message in QUICConn.HandleData #62266

Closed
neild opened this issue Aug 24, 2023 · 5 comments
Closed

crypto/tls: panic when processing partial post-handshake message in QUICConn.HandleData #62266

neild opened this issue Aug 24, 2023 · 5 comments
Labels
NeedsFix The path to resolution is known, but the work has not been done. Security
Milestone
Go1.22

Comments

@neild
Copy link
Contributor

neild commented Aug 24, 2023

Once the TLS handshake completes, QUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message. The size check is wrong, however, so it can pass along a partial message, triggering a panic when handlePostHandshakeMessage tries to read the remainder of the message.

In addition, HandleData doesn't limit the amount of data it can buffer. It should reject messages larger than maxHandshake.

Thanks to @marten-seemann for reporting this issue.

Normally, we'd consider this a PRIVATE track vulnerability, but this is a very new API and the only known user (quic-go) has already released a workaround in a patch release, so we're calling it PUBLIC track.

The panic due to partial messages is CVE-2023-39321.
The lack of a limit on buffered post-handshake data is CVE-2023-39322.
@gopherbot
Copy link

Change https://go.dev/cl/522595 mentions this issue: crypto/tls: QUIC: fix panics when processing post-handshake messages

@cagedmantis cagedmantis added the NeedsFix The path to resolution is known, but the work has not been done. label Aug 25, 2023
@cagedmantis cagedmantis added this to the Backlog milestone Aug 25, 2023
@neild
Copy link
Contributor Author

neild commented Aug 25, 2023

@gopherbot please backport to 1.21. This is a security vulnerability.

@gopherbot gopherbot mentioned this issue Aug 25, 2023
Closed
@gopherbot
Copy link

Backport issue(s) opened: #62290 (for 1.21).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@gopherbot
Copy link

Change https://go.dev/cl/523039 mentions this issue: [release-branch.go1.21] crypto/tls: QUIC: fix panics when processing post-handshake messages

@dmitshur dmitshur modified the milestones: Backlog, Go1.22 Aug 26, 2023
@neild neild removed the NeedsFix The path to resolution is known, but the work has not been done. label Aug 28, 2023
@dmitshur dmitshur added the NeedsFix The path to resolution is known, but the work has not been done. label Aug 30, 2023
gopherbot pushed a commit that referenced this issue Aug 30, 2023
@neild @gopherbot
[release-branch.go1.21] crypto/tls: QUIC: fix panics when processing …
91a4e74 
…post-handshake messages

The check for fragmentary post-handshake messages in QUICConn.HandleData
was reversed, resulting in a potential panic when HandleData receives
a partial message.

In addition, HandleData wasn't checking the size of buffered
post-handshake messages. Produce an error when a post-handshake
message is larger than maxHandshake.

TestQUICConnectionState was using an onHandleCryptoData hook
in runTestQUICConnection that was never being called.
(I think it was inadvertently removed at some point while
the CL was in review.) Fix this test while making the hook
more general.

For #62266
Fixes #62290

Change-Id: I210b70634e50beb456ab3977eb11272b8724c241
Reviewed-on: https://go-review.googlesource.com/c/go/+/522595
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
(cherry picked from commit e92c0f8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/523039
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@neild
Copy link
Contributor Author

neild commented Aug 31, 2023
edited by rolandshoemaker

Suggested release note:

crypto/tls: panic when processing post-handshake message on QUIC connections

Processing an incomplete post-handshake message for a QUIC connection caused a panic.

Thanks to Marten Seemann for reporting this issue.

This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

@rcrozean rcrozean mentioned this issue Sep 6, 2023
Closed
@gaukas gaukas mentioned this issue Nov 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done. Security
Projects
None yet
Milestone
Go1.22
Development

No branches or pull requests
4 participants
@neild @cagedmantis @dmitshur @gopherbot