crypto/tls: panic when processing partial post-handshake message in QUICConn.HandleData [1.21 backport] #62290

Closed
gopherbot opened this issue Aug 25, 2023 · 3 comments · Fixed by refraction-networking/utls#261
Labels: CherryPickApproved (used during the release process for point releases), release-blocker, Security

@gopherbot

@neild requested issue #62266 to be considered for backport to the next 1.21 minor release.

@gopherbot please backport to 1.21. This is a security vulnerability.

@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Aug 25, 2023
@neild neild self-assigned this Aug 25, 2023
@gopherbot gopherbot added this to the Go1.21.1 milestone Aug 25, 2023
@neild
Contributor

neild commented Aug 25, 2023

Backport rationale: It's possible to work around this bug if you know about it, but it's significant and hazardous.

@gopherbot
Author

Change https://go.dev/cl/523039 mentions this issue: [release-branch.go1.21] crypto/tls: QUIC: fix panics when processing post-handshake messages

@rolandshoemaker rolandshoemaker added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Aug 28, 2023
gopherbot pushed a commit that referenced this issue Aug 30, 2023
…post-handshake messages

The check for fragmentary post-handshake messages in QUICConn.HandleData
was reversed, resulting in a potential panic when HandleData receives
a partial message.

In addition, HandleData wasn't checking the size of buffered
post-handshake messages. Produce an error when a post-handshake
message is larger than maxHandshake.

TestQUICConnectionState was using an onHandleCryptoData hook
in runTestQUICConnection that was never being called.
(I think it was inadvertently removed at some point while
the CL was in review.) Fix this test while making the hook
more general.

For #62266
Fixes #62290

Change-Id: I210b70634e50beb456ab3977eb11272b8724c241
Reviewed-on: https://go-review.googlesource.com/c/go/+/522595
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
(cherry picked from commit e92c0f8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/523039
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@gopherbot
Author

Closed by merging 91a4e74 to release-branch.go1.21.
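The two checks described in the commit message (wait on a partial message, reject an oversized one), shown as an added example that is not code from the Go tree or from anyone in this thread. The names `reassembler`, `feed`, `maxMsgLen` and `errTooLarge` are hypothetical, and the 65536-byte cap is an assumed value standing in for `maxHandshake`.

```go
package main

import (
	"errors"
	"fmt"
)

// maxMsgLen is an assumed cap for this example (stand-in for maxHandshake).
const maxMsgLen = 65536

var errTooLarge = errors.New("handshake message exceeds maximum length")

// reassembler buffers handshake bytes until whole messages are available.
type reassembler struct{ buf []byte }

// feed appends data and returns every complete message, header included.
// A TLS handshake message is a 1-byte type and a 3-byte big-endian length
// followed by the body. Partial messages stay buffered for the next call;
// a declared length above the cap is an error instead of unbounded buffering.
func (r *reassembler) feed(data []byte) ([][]byte, error) {
	r.buf = append(r.buf, data...)
	var msgs [][]byte
	for len(r.buf) >= 4 {
		// Decode the declared body length from header bytes 1..3.
		n := int(r.buf[1])<<16 | int(r.buf[2])<<8 | int(r.buf[3])
		if n > maxMsgLen {
			return msgs, errTooLarge
		}
		// Partial message: fewer bytes buffered than header+body.
		// Reversing this comparison would hand a short buffer to the parser.
		if len(r.buf) < 4+n {
			break
		}
		msgs = append(msgs, append([]byte(nil), r.buf[:4+n]...))
		r.buf = r.buf[4+n:]
	}
	return msgs, nil
}

func main() {
	// Constructed input: one 4-byte-body message split across two calls.
	var r reassembler
	m1, _ := r.feed([]byte{4, 0, 0, 4, 0xaa})
	m2, _ := r.feed([]byte{0xbb, 0xcc, 0xdd})
	_, err := (&reassembler{}).feed([]byte{4, 0xff, 0xff, 0xff})
	fmt.Println(len(m1), len(m2), err)
}
```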
