diff options
author | Björn Bidar | 2018-05-14 00:15:25 +0200 |
---|---|---|
committer | Björn Bidar | 2018-05-14 00:15:25 +0200 |
commit | c8e5b61b951201783f6d2fa31ea8000f86aab307 (patch) | |
tree | b7e4aca5a8683cd0cfb6f4ffb826850131753558 | |
parent | 1f5ddc4dff451838260833cbf32444ca25d19043 (diff) | |
download | aur-c8e5b61b951201783f6d2fa31ea8000f86aab307.tar.gz |
urel, fix crash SIGSEGV on commit, because of ssl errors osc bug #389
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | 0001-Disable-ssl-session-resumption.patch | 106 | ||||
-rw-r--r-- | PKGBUILD | 10 |
3 files changed, 117 insertions, 5 deletions
@@ -1,9 +1,9 @@ # Generated by mksrcinfo v8 -# Tue Feb 6 14:17:04 UTC 2018 +# Sun May 13 22:13:06 UTC 2018 pkgbase = osc pkgdesc = Command line client for the openSUSE Build Service pkgver = 0.162.1 - pkgrel = 1 + pkgrel = 2 url = https://github.com/openSUSE/osc arch = any license = GPL2 @@ -22,8 +22,10 @@ pkgbase = osc replaces = zsh-completion-osc source = https://github.com/openSUSE/osc/archive/0.162.1.tar.gz source = _osc + source = 0001-Disable-ssl-session-resumption.patch sha256sums = 529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c sha256sums = 2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a + sha256sums = 7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f pkgname = osc diff --git a/0001-Disable-ssl-session-resumption.patch b/0001-Disable-ssl-session-resumption.patch new file mode 100644 index 000000000000..0542a486ca4f --- /dev/null +++ b/0001-Disable-ssl-session-resumption.patch @@ -0,0 +1,106 @@ +From b730f880cfe85a8547f569355a21706f27ebfa78 Mon Sep 17 00:00:00 2001 +From: Marcus Huewe <suse-tux@gmx.de> +Date: Tue, 8 May 2018 14:23:08 +0200 +Subject: [PATCH] Disable ssl session resumption + +The old code could potentially yield to a use-after-free situation, +which results in UB. For this, consider the following scenario, where +osc performs several HTTPS requests (assumption: the server supports +ssl session resumption): + +- HTTPS Request 1: + * a new SSL *s connection is established, which also creates a new + SSL_SESSION *ss => ss->references == 1 + * once the handshake is done, the ss is put into the session cache + (see ssl_update_cache) => ss->references == 2 + - osc saves the session ss in a class variable + - s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1 + +- HTTPS Request 2: + * setup a new SSL *s connection that reuses the saved session ss + => ss->references == 2 + * once the handshake is done, ssl_update_cache is called, which is a + NOP, because s->hit == 1 (that is, the session was resumed) + * osc saves the session ss in a class variable + * s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1 + +... + +> 2 hours later (see tls1_default_timeout) + +... + +- HTTPS Request 256: + * setup a new SSL *s connection that reuses the saved session ss + => ss->references == 2 + * once the handshake is done, ssl_update_cache is called, but is + _no_ NOP anymore + * ssl_update_cache flushes the session cache (this is done every + 255/256 (depending on the way we count) connections) => ss is + SSL_SESSION_free()d => ss->references == 1 + * osc saves the session ss in a class variable + * s is SSL_free()d, which calls SSL_SESSION_free: + since ss->references == 1, ss is eventually free()d + +- HTTPS Request 257: + * setup a new SSL *s connection that reuses the saved session ss + +Since ss does not exist anymore, the remaining program execution is UB. + +(Note: SSL_free(...) is _NOT_ called, if M2Crypto 0.29 is used. +M2Crypto 0.30 calls SSL_free(...) again.) + +Due to a bug in OpenSSL_1_1_0h (see openssl commit 8e405776858) the +scenario from above can be triggered with exactly 2 HTTPS requests (the +SSL_SESSION is not cached, because we configured SSL_VERIFY_PEER, but +no sid_ctx was set). This is fixed in openssl commit c4fa1f7fc01. + +In order to reliably reuse a session, we probably need to listen to the +session cache changes. Such callbacks could be registered via +SSL_CTX_sess_set_new_cb and/or SSL_CTX_sess_set_remove_cb, but both +functions are not provided by M2Crypto. Another idea is to directly utilize +the session cache, but this also has to be implemented in M2Crypto first. +Yet another approach is to retrieve the session via SSL_get1_session, which +increases the session's refcnt, but this also needs to be implemented in +M2Crypto first (if we choose to use this approach, we also have to make +sure that we eventually free the session manually...). + +Fixes: #398 ("SIGSEGV on \"osc commit\"") +--- + osc/oscssl.py | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/osc/oscssl.py b/osc/oscssl.py +index 7aa5a0d..186c98d 100644 +--- a/osc/oscssl.py ++++ b/osc/oscssl.py +@@ -174,7 +174,6 @@ class mySSLContext(SSL.Context): + + class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler): + handler_order = 499 +- saved_session = None + + def __init__(self, *args, **kwargs): + self.appname = kwargs.pop('appname', 'generic') +@@ -204,8 +203,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler): + selector = req.get_selector() + # End our change + h.set_debuglevel(self._debuglevel) +- if self.saved_session: +- h.set_session(self.saved_session) + + headers = dict(req.headers) + headers.update(req.unredirected_hdrs) +@@ -218,9 +215,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler): + headers["Connection"] = "close" + try: + h.request(req.get_method(), selector, req.data, headers) +- s = h.get_session() +- if s: +- self.saved_session = s + r = h.getresponse() + except socket.error as err: # XXX what error? + err.filename = full_url +-- +2.17.0 + @@ -7,7 +7,7 @@ pkgname=osc pkgver=0.162.1 -pkgrel=1 +pkgrel=2 pkgdesc="Command line client for the openSUSE Build Service" arch=(any) url="https://github.com/openSUSE/osc" @@ -24,13 +24,17 @@ optdepends=('obs-build: required to run local builds' conflicts=('osc-git' 'osc-bash-completion' 'zsh-completion-osc') replaces=('osc-bash-completion' 'zsh-completion-osc') source=("https://github.com/openSUSE/${pkgname}/archive/${pkgver}.tar.gz" - "_osc") + "_osc" + '0001-Disable-ssl-session-resumption.patch' ) sha256sums=('529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c' - '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a') + '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a' + '7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f') prepare() { # Add 'Arch_Core' and 'Arch_Extra' as osc build targets sed -i "s|SLE_11_SP2|SLE_11_SP2 Arch_Core Arch_Extra|" _osc + cd "${srcdir}/${pkgname}-${pkgver}" + patch -Np1 -i "${srcdir}"/0001-Disable-ssl-session-resumption.patch } build() { |