urel, fix crash SIGSEGV on commit, because of ssl errors osc bug #389

author: Björn Bidar 2018-05-14 00:15:25 +0200
committer: Björn Bidar 2018-05-14 00:15:25 +0200
commit: c8e5b61b951201783f6d2fa31ea8000f86aab307 (patch)
tree: b7e4aca5a8683cd0cfb6f4ffb826850131753558
parent: 1f5ddc4dff451838260833cbf32444ca25d19043 (diff)
download: aur-c8e5b61b951201783f6d2fa31ea8000f86aab307.tar.gz
3 files changed, 117 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index da474a50d6dd..40bec84c122a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
 # Generated by mksrcinfo v8
-# Tue Feb  6 14:17:04 UTC 2018
+# Sun May 13 22:13:06 UTC 2018
 pkgbase = osc
 	pkgdesc = Command line client for the openSUSE Build Service
 	pkgver = 0.162.1
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/openSUSE/osc
 	arch = any
 	license = GPL2
@@ -22,8 +22,10 @@ pkgbase = osc
 	replaces = zsh-completion-osc
 	source = https://github.com/openSUSE/osc/archive/0.162.1.tar.gz
 	source = _osc
+	source = 0001-Disable-ssl-session-resumption.patch
 	sha256sums = 529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c
 	sha256sums = 2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a
+	sha256sums = 7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f
 
 pkgname = osc
 
diff --git a/0001-Disable-ssl-session-resumption.patch b/0001-Disable-ssl-session-resumption.patch
new file mode 100644
index 000000000000..0542a486ca4f
--- /dev/null
+++ b/0001-Disable-ssl-session-resumption.patch
@@ -0,0 +1,106 @@
+From b730f880cfe85a8547f569355a21706f27ebfa78 Mon Sep 17 00:00:00 2001
+From: Marcus Huewe <suse-tux@gmx.de>
+Date: Tue, 8 May 2018 14:23:08 +0200
+Subject: [PATCH] Disable ssl session resumption
+
+The old code could potentially yield to a use-after-free situation,
+which results in UB. For this, consider the following scenario, where
+osc performs several HTTPS requests (assumption: the server supports
+ssl session resumption):
+
+- HTTPS Request 1:
+  * a new SSL *s connection is established, which also creates a new
+    SSL_SESSION *ss => ss->references == 1
+  * once the handshake is done, the ss is put into the session cache
+    (see ssl_update_cache) => ss->references == 2
+  - osc saves the session ss in a class variable
+  - s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1
+
+- HTTPS Request 2:
+  * setup a new SSL *s connection that reuses the saved session ss
+    => ss->references == 2
+  * once the handshake is done, ssl_update_cache is called, which is a
+    NOP, because s->hit == 1 (that is, the session was resumed)
+  * osc saves the session ss in a class variable
+  * s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1
+
+...
+
+> 2 hours later (see tls1_default_timeout)
+
+...
+
+- HTTPS Request 256:
+  * setup a new SSL *s connection that reuses the saved session ss
+    => ss->references == 2
+  * once the handshake is done, ssl_update_cache is called, but is
+    _no_ NOP anymore
+  * ssl_update_cache flushes the session cache (this is done every
+    255/256 (depending on the way we count) connections) => ss is
+    SSL_SESSION_free()d => ss->references == 1
+  * osc saves the session ss in a class variable
+  * s is SSL_free()d, which calls SSL_SESSION_free:
+    since ss->references == 1, ss is eventually free()d
+
+- HTTPS Request 257:
+  * setup a new SSL *s connection that reuses the saved session ss
+
+Since ss does not exist anymore, the remaining program execution is UB.
+
+(Note: SSL_free(...) is _NOT_ called, if M2Crypto 0.29 is used.
+M2Crypto 0.30 calls SSL_free(...) again.)
+
+Due to a bug in OpenSSL_1_1_0h (see openssl commit 8e405776858) the
+scenario from above can be triggered with exactly 2 HTTPS requests (the
+SSL_SESSION is not cached, because we configured SSL_VERIFY_PEER, but
+no sid_ctx was set). This is fixed in openssl commit c4fa1f7fc01.
+
+In order to reliably reuse a session, we probably need to listen to the
+session cache changes. Such callbacks could be registered via
+SSL_CTX_sess_set_new_cb and/or SSL_CTX_sess_set_remove_cb, but both
+functions are not provided by M2Crypto. Another idea is to directly utilize
+the session cache, but this also has to be implemented in M2Crypto first.
+Yet another approach is to retrieve the session via SSL_get1_session, which
+increases the session's refcnt, but this also needs to be implemented in
+M2Crypto first (if we choose to use this approach, we also have to make
+sure that we eventually free the session manually...).
+
+Fixes: #398 ("SIGSEGV on \"osc commit\"")
+---
+ osc/oscssl.py | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/osc/oscssl.py b/osc/oscssl.py
+index 7aa5a0d..186c98d 100644
+--- a/osc/oscssl.py
++++ b/osc/oscssl.py
+@@ -174,7 +174,6 @@ class mySSLContext(SSL.Context):
+ 
+ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
+     handler_order = 499
+-    saved_session = None
+ 
+     def __init__(self, *args, **kwargs):
+         self.appname = kwargs.pop('appname', 'generic')
+@@ -204,8 +203,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
+             selector = req.get_selector()
+         # End our change
+         h.set_debuglevel(self._debuglevel)
+-        if self.saved_session:
+-            h.set_session(self.saved_session)
+ 
+         headers = dict(req.headers)
+         headers.update(req.unredirected_hdrs)
+@@ -218,9 +215,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
+         headers["Connection"] = "close"
+         try:
+             h.request(req.get_method(), selector, req.data, headers)
+-            s = h.get_session()
+-            if s:
+-                self.saved_session = s
+             r = h.getresponse()
+         except socket.error as err: # XXX what error?
+             err.filename = full_url
+-- 
+2.17.0
+
diff --git a/PKGBUILD b/PKGBUILD
index 7dd72eb2f3d1..80571268b53a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@
 
 pkgname=osc
 pkgver=0.162.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Command line client for the openSUSE Build Service"
 arch=(any)
 url="https://github.com/openSUSE/osc"
@@ -24,13 +24,17 @@ optdepends=('obs-build: required to run local builds'
 conflicts=('osc-git' 'osc-bash-completion' 'zsh-completion-osc')
 replaces=('osc-bash-completion' 'zsh-completion-osc')
 source=("https://github.com/openSUSE/${pkgname}/archive/${pkgver}.tar.gz"
-        "_osc")
+        "_osc"
+       '0001-Disable-ssl-session-resumption.patch' )
 sha256sums=('529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c'
-            '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a')
+            '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a'
+            '7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f')
 
 prepare() {
   # Add 'Arch_Core' and 'Arch_Extra' as osc build targets
   sed -i "s|SLE_11_SP2|SLE_11_SP2 Arch_Core Arch_Extra|" _osc
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -Np1 -i "${srcdir}"/0001-Disable-ssl-session-resumption.patch 
 }
 
 build() {
author	Björn Bidar	2018-05-14 00:15:25 +0200
committer	Björn Bidar	2018-05-14 00:15:25 +0200
commit	c8e5b61b951201783f6d2fa31ea8000f86aab307 (patch)
tree	b7e4aca5a8683cd0cfb6f4ffb826850131753558
parent	1f5ddc4dff451838260833cbf32444ca25d19043 (diff)
download	aur-c8e5b61b951201783f6d2fa31ea8000f86aab307.tar.gz